LWP Digest authorisation small bug, in case the response contains 2 (or more) WWW-Authenticate fields like this:

    Server: Apache-Coyote/1.1
    Vary: Accept-Encoding
    WWW-Authenticate: Digest realm="1Realm", qop="auth", nonce="1485848015167:56976:56060fb913a12670c39d700055b7679d", opaque="ca05e8a9b744eb6c91c624ef9c61fb97"
    WWW-Authenticate: Digest realm="2Realm", qop="auth", nonce="1485848015167:96504:777475a2092ab30b6a23349cdb139e75", opaque="ca05e8a9b744eb6c91c624ef9c61fb97"
    Content-Length: 92
    Content-Type: text/xml;charset=UTF-8

In this case LWP will use the first realm only, so if the user provides "2realm" credentials they will be ignored by LWP (bad authorization attempt).

My fix (add to LWP::UserAgent after line 393 in "sub request", before "return $class->authenticate"):

    unless ($self->{basic_authentication}{$request->uri_canonical->host_port}{$$challenge{realm}}) {
        $response->header("Client-Warning" => "Undefined authentication realm '$$challenge{realm}'");
        next CHALLENGE;
    }

This fix will compare the user-defined credentials with the server's first response and use it only if the realm name is the same.

Ivan Ladygin
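
The realm-matching behaviour described in the report, as a stand-alone added example (not part of the original post and not LWP's own code). The function name select_challenge, the realm-keyed %creds map and the user/password values are assumptions made for illustration; the two challenges are the ones quoted above.

```perl
use strict;
use warnings;
use HTTP::Response;
use HTTP::Headers::Util qw(split_header_words);

# Return the first challenge whose realm has stored credentials, or undef.
# $creds is a hypothetical { realm => [user, password] } map for one host.
sub select_challenge {
    my ($response, $creds) = @_;
    for my $raw ($response->header('WWW-Authenticate')) {
        # auth-params are comma-separated; turn them into ';' so that
        # split_header_words keeps one challenge in one word list.
        (my $line = $raw) =~ tr/,/;/;
        my ($words) = split_header_words($line);
        next unless $words && @$words >= 2;
        # First pair is the scheme name with no value, the rest are params.
        my ($scheme, undef, %param) = @$words;
        next unless defined $param{realm} && $creds->{ $param{realm} };
        return { %param, scheme => lc $scheme };
    }
    return;
}

# Constructed 401 response carrying the two challenges from the report.
my $res = HTTP::Response->new(401, 'Unauthorized', [
    'WWW-Authenticate' => 'Digest realm="1Realm", qop="auth", '
        . 'nonce="1485848015167:56976:56060fb913a12670c39d700055b7679d", '
        . 'opaque="ca05e8a9b744eb6c91c624ef9c61fb97"',
    'WWW-Authenticate' => 'Digest realm="2Realm", qop="auth", '
        . 'nonce="1485848015167:96504:777475a2092ab30b6a23349cdb139e75", '
        . 'opaque="ca05e8a9b744eb6c91c624ef9c61fb97"',
]);

# Constructed credentials: only the second realm is known to the client.
my %creds = ('2Realm' => ['user', 'secret']);

my $chosen = select_challenge($res, \%creds);
print $chosen
    ? "answering $chosen->{scheme} challenge for realm $chosen->{realm}\n"
    : "no challenge matches a configured realm\n";
```

Realm comparison here is an exact, case-sensitive string match, so credentials stored under a differently cased realm name will not be selected.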
