Hello, I am having issues making Digest auth work in Tomcat 8.5.23 for manager application.
I have done the following:

1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256

    <Realm className="org.apache.catalina.realm.LockOutRealm">
      <!-- This Realm uses the UserDatabase configured in the global JNDI
           resources under the key "UserDatabase". Any edits
           that are performed against this UserDatabase are immediately
           available for use by the Realm. -->
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase">
        <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                           algorithm="SHA-256" />
      </Realm>
    </Realm>

2) Generated password using:

    ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 password1234

I also tried:

    ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 tomcat:UserDatabase:password1234

3) Set the last part of password following "password1234:" in tomcat-users.xml

    <role rolename="manager-gui"/>
    <role rolename="admin"/>
    <role rolename="manager"/>
    <user username="tomcat"
          password="b9c950640e1b3740e98acb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
          roles="manager-gui,admin,manager"/>

4) Edit /webapps/manager/WEB-INF/web.xml

    <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>UserDatabase</realm-name>
    </login-config>

I then try to login to http://localhost:8080/manager/html and enter admin and password1234 it fails.

There must be something I am missing. Sorry if I misread some documentation or if my question is stupid, these are the docs I have seen:

- https://tomcat.apache.org/tomcat-8.5-doc/config/credentialhandler.html#MessageDigestCredentialHandler

Note the start of this part is not that clear for me. I think my format is *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration code and a hex encoded credential, each separated by $

I have also tried solutions described here without success:

- http://www.techpaste.com/2013/05/enable-password-encryption-policy-tomcat-7/
- https://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
- https://stackoverflow.com/questions/2978884/tomcat-digest-with-manager-webapp

Regards
Philippe
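
Added example, not part of the original post and not Tomcat's code: a small model of an RFC 2617 DIGEST check, showing what a server has to hold in order to verify the browser's response. Tomcat's Realm how-to states that with DIGEST authentication a digested password must be one unsalted iteration of MD5 over username:realm:password. Assumptions: the server uses the stored digest directly as HA1, and the nonce, nc and cnonce values are constructed for the demonstration.

```python
import hashlib
import hmac


def hexdigest(algorithm, text):
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()


def stored_sha256(password):
    # Unsalted, single-iteration SHA-256 in hex, the form requested in the
    # post with `digest.sh -a SHA-256 -i 1 -s 0 <password>`.
    return hexdigest("sha256", password)


def ha1(username, realm, password):
    # RFC 2617 A1 hash: the value both client and server need for DIGEST.
    return hexdigest("md5", f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # response = MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)
    ha2 = hexdigest("md5", f"{method}:{uri}")
    return hexdigest("md5", f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_credential, client_response, **challenge):
    # Assumption: the stored digest is used as HA1 without further processing.
    expected = digest_response(stored_credential, **challenge)
    return hmac.compare_digest(expected, client_response)


def demo():
    user, realm, password = "tomcat", "UserDatabase", "password1234"
    challenge = dict(method="GET", uri="/manager/html",
                     nonce="constructed-nonce", nc="00000001",
                     cnonce="constructed-cnonce")
    # The browser always derives its response from MD5(user:realm:password).
    client = digest_response(ha1(user, realm, password), **challenge)
    return {
        "md5_ha1_stored": server_accepts(ha1(user, realm, password),
                                         client, **challenge),
        "sha256_password_stored": server_accepts(stored_sha256(password),
                                                 client, **challenge),
        "sha256_of_a1_stored": server_accepts(
            hexdigest("sha256", f"{user}:{realm}:{password}"),
            client, **challenge),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the MD5 HA1 case verifies; both SHA-256 variants tried in the post produce a mismatch because the client's response is built from the MD5 value.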