When using newer Wildfly or EAP Versions >= 7.1.0, digest algorithm is not working if Wildfly is behind a reverse proxy and the proxy changes the URL.
For example with apache
ProxyPass /jboss/ http://localhost:8080/
The reason is that since [WFLY-10218] client can use bogus uri in digest authentication · wildfly/wildfly@493dc1c · GitHub Wildfly is validating whether the client uses the same URI in the Authorization header as the server URL. This is not the case and Wildfly returns 400. In our case this breaks changing from EAP 7.0 to EAP 7.2.
There is a workaround by setting
Knowing this its not a big deal, however finding the reason takes some time.
A comment in the code says:
//I am not sure if this is overly strict, however I think it is better
//to be safe than sorry
Since changing the URL with reverse proxies is quite common, I think it is overly strict. Should I open a bug in - Red Hat Issue Tracker ?
Retrieving data ...