1 Reply Latest reply on Dec 5, 2019 8:57 AM by mayerw01

JDBC Authentication with salted-simple-digest-mapper, Invalid base 64 character

nschweig Dec 5, 2019 2:58 AM

Hi,

I use Wildfly 16 and I want to deny the access to my webapp. I configured a jdbc realm with a simple-digest-mapper and it worked, but only if I put the encoded password into the password field.

I want to automatically decode it and so I tried to use salted-simple-digest-mapper, but it does not work too. (Caused by: org.wildfly.common.codec.DecodeException: COM00508: Invalid base 64 character)

I think that I have to fill the "SALT" into my query but I do not understand in which way.

Here is my configuration

    <jdbc-realm name="OFVAccessJDBCRealm1">
                    <principal-query sql="SELECT PWD_ FROM act_id_user u WHERE u.ID_ = ?" data-source="ProcessEngineMySql">
                        <salted-simple-digest-mapper algorithm="password-salt-digest-sha-512" password-index="1" salt-index="2"/>
                    </principal-query>
                    <principal-query sql="SELECT u.PWD_, r.GROUP_ID_ FROM act_id_user u, act_id_membership r WHERE u.ID_ = ? AND u.ID_ = r.USER_ID_" data-source="ProcessEngineMySql">
                        <attribute-mapping>
                            <attribute to="roles" index="1"/>
                        </attribute-mapping>
                    </principal-query>
                </jdbc-realm>

Thanks a lot for your help.

Nicole

1. Re: JDBC Authentication with salted-simple-digest-mapper, Invalid base 64 character

mayerw01 Dec 5, 2019 8:57 AM (in response to nschweig)

Please look into WildFly Elytron Security chap 2.5.4 how to create the digets and salts

byte[] salt = original.getSalt(); byte[] digest = original.getDigest();

the salt and digest should be encoded to base64 (eg Base64.getEncoder().encodeToString(digest)))

the encoded values should then be provided in the SQL query like

select u.digest , u.salt, r.role from users u, roles r where u.username = ? and u.username = r.username
Actions