Why did Digest authentication stop working after upgrading tomcat6 packages to version 6.0.24-52.el6_4?
Issue
- Digest authentication fails after updating tomcat6 packages to version 6.0.24-52.el6_4.
- Server rejects first unauthenticated request as expected and provides client with details for a Digest authentication request:
---response begin---
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 UTC
WWW-Authenticate: Digest realm="myrealm", qop="auth", nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Date: Thu, 11 Apr 2013 14:27:12 GMT
Connection: keep-alive
---response end---
- Client re-submits the request using Digest authentication:
---request begin---
GET /ws/myservice HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: tomcat.example.com:8080
Connection: Keep-Alive
Authorization: Digest username="myuser", realm="myrealm", nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", uri="/ws/myservice", response="0a641143c00848ce785ae9ed5aa6cdb7", opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"
---request end---
- Server still rejects authenticated request:
---response begin---
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 UTC
WWW-Authenticate: Digest realm="myrealm", qop="auth", nonce="1365690432919:2175d5ed819f11adf4a6a2654f4c17c2", opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"
Content-Type: text/html;charset=utf-8
Content-Length: 954
Date: Thu, 11 Apr 2013 14:27:12 GMT
Connection: keep-alive
---response end---
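A check of the exchange above, as an added example that is not part of the original article: it parses the server's challenge and the client's Authorization header from the trace and reports which Digest fields the client echoed back and which qop-related fields it left out. The function names are illustrative, and the RFC 2617 field rules in the comments are background that the article itself does not state.

```python
import re

# Header values copied from the trace above.
CHALLENGE = ('Digest realm="myrealm", qop="auth", '
             'nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", '
             'opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"')
AUTHORIZATION = ('Digest username="myuser", realm="myrealm", '
                 'nonce="1365690432916:5c1ca6295f31a2001f85098ccc094991", '
                 'uri="/ws/myservice", response="0a641143c00848ce785ae9ed5aa6cdb7", '
                 'opaque="3D8F835A1ACF1D7827A16CB9E18E8CC8"')

# name="quoted value" or name=token
_PARAM = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def parse_digest(header_value):
    """Return the auth-params of a Digest header value as a dict."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header: %r" % scheme)
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        params[name.lower()] = token if token else quoted
    return params

def compare(challenge, authorization):
    """Report how a client's Authorization answers the server's challenge."""
    ch, au = parse_digest(challenge), parse_digest(authorization)
    offered = [q.strip() for q in ch.get("qop", "").split(",") if q.strip()]
    return {
        # Values the client has to echo back unchanged.
        "mismatched": [k for k in ("realm", "nonce", "opaque")
                       if k in ch and au.get(k) != ch[k]],
        # Fields every Digest response carries.
        "missing_base": [k for k in ("username", "realm", "nonce", "uri", "response")
                         if k not in au],
        "qop_offered": offered,
        "qop_used": au.get("qop"),
        # RFC 2617: a client that uses qop must also send nc and cnonce.
        "missing_qop_fields": [k for k in ("qop", "nc", "cnonce")
                               if offered and k not in au],
        # qop offered but not used: the older RFC 2069 response form.
        "rfc2069_style": bool(offered) and "qop" not in au,
    }

if __name__ == "__main__":
    for key, value in compare(CHALLENGE, AUTHORIZATION).items():
        print("%-20s %s" % (key, value))
```

For the trace above it reports no mismatched or missing base fields, and `qop`, `nc` and `cnonce` absent from a request that answers a `qop="auth"` challenge.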
Environment
- Red Hat Enterprise Linux 6.
- tomcat6 version 6.0.24-52.el6_4.
