3 replies Latest Post - ‏2013-05-04T18:58:54Z by RolfRander
Kesavaraman
1 Post

Pinned topic Digest Access Authentication

‏2013-04-23T09:18:52Z |

Hi,

One of our clients has implemented HTTP Digest Access Authentication on their web server (web service).

Could anybody let me know how to pass the Digest Access Authentication credentials to the web service from DataPower?

Thanks

Kesa

Updated on 2013-04-23T10:04:18Z at 2013-04-23T10:04:18Z by Kesavaraman
  • RolfRander
    23 Posts

    Re: Digest Access Authentication

    ‏2013-04-24T07:13:59Z  in response to Kesavaraman

    I have looked into this before. The problem is that digest is a challenge-response protocol, so the client (your DataPower) has to send a request, the server will send a reply, and the client authenticates using the information in the reply.

    I can see several challenges implementing this in datapower:

    • when DataPower gets a request, this needs to be translated to several requests to the server
    • the server typically returns a cookie (or maybe some other form of session-id) that will be used for authenticating further requests (that is, putting the next requests in the same session as the first authentication)

    I can see that this should be possible in DataPower, the XSLT is fairly flexible, but I would suspect it ends up being "hairy"...

    regards

    rolf rander

    • NILAY97
      207 Posts

      Re: Digest Access Authentication

      ‏2013-05-04T14:22:55Z  in response to RolfRander

      Hi Rolf,

      the server typically returns a cookie (or maybe some other form of session-id) that will be used for authentication further requests (that is, putting the next requests in the same session as the first authentication)

      This is what I have to implement in DataPower. My backend server would return a cookie in the form of a session ID, which I have to insert (the same cookie session ID) in the request and fire it back to the backend so that the backend authenticates it.

      Could you please tell me how to do this in DataPower? It's urgent.

      Many Thanks,

      Nilay

      • RolfRander
        23 Posts

        Re: Digest Access Authentication

        ‏2013-05-04T18:58:54Z  in response to NILAY97

        Handling cookies opens up a lot of new questions: should you keep track of client sessions, or should all clients be routed into the same backend session? Can your clients handle cookies or do you have to do it yourself? How do you determine the session a request belongs to?

        Anyway, for handling cookies yourself, you can use http-response-header() to pick it out of a response, store it in a variable, and use <set-http-request-header> to set it in future requests.

        However, I still think your biggest challenge will be to handle the challenge-response protocol of digest authentication. If your DataPower is supposed to handle digest authentication transparently to the client, you need to set up a rule which sends two requests to your backend server, the first to get a nonce from the server, and the second to provide an authentication hash based on the nonce.

        You probably have to do some combination of <url-open> in your reply-rule to get the nonce and try posting again with the proper authentication header. But keep in mind that this can fail in very many ways that you have to handle.

        Wikipedia has a good introduction to digest authentication: http://en.wikipedia.org/wiki/Digest_access_authentication

        regards, rolf rander