0 Replies Latest reply on Mar 12, 2014 1:28 PM by Thomas Vautrin

    Propagated Digest authentication

    Thomas Vautrin Newbie

      Hello,

       

      I have two servers (JBoss EAP 6.1.0.GA). The first is a web instance and the second contains the services as ejb.

       

      I use the Digest mode and the hook to change the security context identity :

       

      https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html/Development_Guide/Chan…

       

      I created my custom LoginModule which extends UsernamePasswordLoginModule and my configuration on the web and the service servers is :

       

      <login-module code="org.example.MyLoginModule" flag="required">

                <module-option name="password-stacking" value="useFirstPass"/>

                <module-option name="hashAlgorithm" value="MD5"/>

                 <module-option name="hashEncoding" value="RFC2617"/>

                 <module-option name="hashUserPassword" value="false"/>

                <module-option name="hashStorePassword" value="true"/>

                <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>

                 <module-option name="passwordIsA1Hash" value="true"/>

      </login-module>

       

      In database, the password is encrypted as MD5-RFC2617

       

      On the web instance, the authentication is OK, I am login as User1 and the clear password is MyPwd (In database it's abcdefgh...). I am calling (with remote-outbound-connection) the EJB deployed on services instance  as "guest" and with the hook, I am switching the identity as User1.

       

      The authentication service side failed because the Digest seems not reconized or correctly treated (DigestCallback is not called)

       

                                                 ____________________________                                                                 ________________________________________________

                                                |                                                   |                                                           |                         |                                                              |

      User1/MyPwd --- Digest ---> |  Web Instance authentication OK   | ------- Call EJB with Hook as guest ----->| switch as User1 | Services Instance AuthenticationFailed     |

                                                |_____________________________|                                                           |______________ |___________________________________ |

       

      If someone has an idea... you will be my hero ^^

       

      Thank you