0 Replies Latest reply on Mar 12, 2014 1:28 PM by tvautrin

    Propagated Digest authentication

    tvautrin

      Hello,

       

      I have two servers (JBoss EAP 6.1.0.GA). The first is a web instance and the second contains the services as ejb.

       

      I use Digest mode and the hook to change the security context identity:

       

      https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html/Development_Guide/Chan…

       

      I created my custom LoginModule, which extends UsernamePasswordLoginModule, and my configuration on the web and the services servers is:

       

      <login-module code="org.example.MyLoginModule" flag="required">
          <module-option name="password-stacking" value="useFirstPass"/>
          <module-option name="hashAlgorithm" value="MD5"/>
          <module-option name="hashEncoding" value="RFC2617"/>
          <module-option name="hashUserPassword" value="false"/>
          <module-option name="hashStorePassword" value="true"/>
          <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>
          <module-option name="passwordIsA1Hash" value="true"/>
      </login-module>

       

      In the database, the password is encrypted as MD5-RFC2617.

       

      On the web instance, the authentication is OK: I am logged in as User1 and the clear password is MyPwd (in the database it's abcdefgh...). I am calling (with remote-outbound-connection) the EJB deployed on the services instance as "guest", and with the hook I switch the identity to User1.

       

      The authentication on the services side fails because the Digest does not seem to be recognized or handled correctly (DigestCallback is not called).

       

      User1/MyPwd --- Digest ---> +---------------------------------+ --- call EJB with hook as "guest" ---> +-----------------+------------------------------------------+
                                  | Web Instance: authentication OK |                                         | switch to User1 | Services Instance: authentication failed |
                                  +---------------------------------+                                         +-----------------+------------------------------------------+

       

      If someone has an idea... you will be my hero ^^

       

      Thank you