Why did Digest authentication stop working after upgrading tomcat6 packages to version 6.0.24-52.el6_4?
Issue
- Digest authentication fails after updating tomcat6 packages to version 6.0.24-52.el6_4.
- Server rejects first unauthenticated request as expected and provides client with details for a Digest authentication request:
---response begin---
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 UTC
WWW-Authenticate: Digest realm="myrealm", qop="auth", nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Date: Thu, 11 Apr 2013 14:27:12 GMT
Connection: keep-alive
---response end---
- Client re-submits the request using Digest authentication:
---request begin---
GET /ws/myservice HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: tomcat.example.com:8080
Connection: Keep-Alive
Authorization: Digest username="myuser", realm="myrealm", nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", uri="/ws/myservice", response="0a641143c00848ce785ae9ed5aa6cdb7", opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"
---request end---
- Server still rejects authenticated request:
---response begin---
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 UTC
WWW-Authenticate: Digest realm="myrealm", qop="auth", nonce="1365690432919:2175d5ed819f11adf4a6a2654f4c17c2", opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Date: Thu, 11 Apr 2013 14:27:12 GMT
Connection: keep-alive
---response end---
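
When triaging a 401 loop like the one above, it helps to compare the server's challenge with the client's reply directive by directive. The following Python is an added example, not part of the original article or of Tomcat; the function names `parse_digest` and `compare` are hypothetical, and it checks only the structure of the two headers, not the response hash.

```python
import re

# Header values copied from the exchange captured on this page.
CHALLENGE = ('Digest realm="myrealm", qop="auth", '
             'nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", '
             'opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"')
AUTHORIZATION = ('Digest username="myuser", realm="myrealm", '
                 'nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", '
                 'uri="/ws/myservice", response="0a641143c00848ce785ae9ed5aa6cdb7", '
                 'opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"')

# name=value pairs; the value is either a quoted-string or a bare token.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')


def parse_digest(header_value):
    """Return the directives of a Digest challenge or response as a dict."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header: %r" % scheme)
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # findall yields '' for the alternative that did not match
        params[name.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else token
    return params


def compare(challenge, authorization):
    """List the ways the client's reply differs from what the challenge asked for."""
    chal, auth = parse_digest(challenge), parse_digest(authorization)
    findings = ["missing " + k for k in ("username", "uri", "response") if k not in auth]
    # Directives the client must echo back unchanged from the challenge.
    for key in ("realm", "nonce", "opaque"):
        if key in chal and auth.get(key) != chal[key]:
            findings.append(key + " mismatch")
    offered = [q.strip() for q in chal.get("qop", "").split(",") if q.strip()]
    if offered and "qop" not in auth:
        # Reply is in the older RFC 2069 form: no qop, nc or cnonce.
        findings.append("qop offered but not used")
    elif "qop" in auth:
        if auth["qop"] not in offered:
            findings.append("qop not offered by server")
        findings += ["missing " + k for k in ("nc", "cnonce") if k not in auth]
    return findings


if __name__ == "__main__":
    for finding in compare(CHALLENGE, AUTHORIZATION):
        print(finding)
```
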
Environment
- Red Hat Enterprise Linux 6.
- tomcat6 version 6.0.24-52.el6_4.