Hello,
I am having issues making Digest auth work in Tomcat 8.5.23 for the manager
application.

I have done the following:

1) Edited server.xml and set MessageDigestCredentialHandler with SHA-256:
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase">
          <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
                             algorithm="SHA-256" />
        </Realm>
      </Realm>

2) Generated password using:
./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 password1234

I also tried:
./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 tomcat:UserDatabase:password1234

3) Set the last part of password following "password1234:" in
tomcat-users.xml
    <role rolename="manager-gui"/>
    <role rolename="admin"/>
    <role rolename="manager"/>
    <user username="tomcat" password="b9c950640e1b3740e98acb93e669c65766f6670dd1609ba91ff41052ba48c6f3" roles="manager-gui,admin,manager"/>

4) Edit /webapps/manager/WEB-INF/web.xml

  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>UserDatabase</realm-name>
  </login-config>

I then try to log in to http://localhost:8080/manager/html and enter admin
and password1234; it fails.

There must be something I am missing.

Sorry if I misread some documentation or if my question is stupid, these
are the docs I have seen:
- https://tomcat.apache.org/tomcat-8.5-doc/config/credentialhandler.html#MessageDigestCredentialHandler
  Note: the start of this part is not that clear to me. I think my format is
  *salt$iterationCount$encodedCredential* - a hex encoded salt, iteration
  code and a hex encoded credential, each separated by $

I have also tried solutions described here without success:
- http://www.techpaste.com/2013/05/enable-password-encryption-policy-tomcat-7/
- https://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
- https://stackoverflow.com/questions/2978884/tomcat-digest-with-manager-webapp

Regards
Philippe
