0 Replies Latest reply on Mar 12, 2014 1:28 PM by Thomas Vautrin

    Propagated Digest authentication

    Thomas Vautrin Newbie



      I have two servers (JBoss EAP 6.1.0.GA). The first is a web instance and the second contains the services as ejb.


      I use the Digest mode and the hook to change the security context identity:




      I created my custom LoginModule, which extends UsernamePasswordLoginModule, and my configuration on both the web and the services servers is:


      <login-module code="org.example.MyLoginModule" flag="required">
          <module-option name="password-stacking" value="useFirstPass"/>
          <module-option name="hashAlgorithm" value="MD5"/>
          <module-option name="hashEncoding" value="RFC2617"/>
          <module-option name="hashUserPassword" value="false"/>
          <module-option name="hashStorePassword" value="true"/>
          <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>
          <module-option name="passwordIsA1Hash" value="true"/>
      </login-module>



      In the database, the password is encrypted as MD5-RFC2617.


      On the web instance, the authentication is OK: I am logged in as User1 and the clear password is MyPwd (in the database it is abcdefgh...). I am calling (with remote-outbound-connection) the EJB deployed on the services instance as "guest", and with the hook I am switching the identity to User1.


      The authentication on the services side fails because the Digest seems not to be recognized or correctly handled (DigestCallback is not called).


                                  ____________________________                                      __________________________________________________________
                                 |                            |                                    |                 |                                        |
      User1/MyPwd --- Digest --->| Web Instance authentication|--- Call EJB with Hook as guest --->| switch as User1 | Services Instance AuthenticationFailed |
                                 |            OK              |                                    |                 |                                        |
                                 |____________________________|                                    |_________________|________________________________________|


      If someone has an idea... you will be my hero ^^


      Thank you