curl-library
Problem with DIGEST and multiple authorization headers
Date: Fri, 9 Jun 2017 15:27:22 +0200
Hi,
does libcurl supports DIGEST authentication with multi realm responses?
Our problem is, that the 401 response comes with multiple digest auth
headers and different realms. CURL seems to ignore the duplicate digest
auth headers (commented in response). Consequently the following request
often contains the wrong auth header and the authorization fails. There are
other client implementations which iterate over all given auth headers.
Alternatively it would be helpful to somehow pre-configure the correct
realm with the Digest authentication.
Here is the timeline of a test to illustrate what I mean
(in this case the "T1Realm" would have been the correct auth header):
> GET /mbb/services/v1/123xyz HTTP/1.1
> Host: localhost:42870
> Accept: */*
> Accept-Encoding: deflate, gzip
> Content-Type: text/xml
> Content-Length: 0
< HTTP/1.1 401 Unauthorized
< Date: Thu, 01 Jun 2017 14:11:53 GMT
< Server: Apache-Coyote/1.1
< WWW-Authenticate: Digest realm="T21Realm", qop="auth",
nonce="1496326313805:68288:0cfc3c0f23e7996e6feb35e8bd41adf4",
opaque="ef65d4342759d9628ddabff7afc1063c"
* Ignoring duplicate digest auth header.
< WWW-Authenticate: Digest realm="T1Realm", qop="auth",
nonce="1496326313805:60114:2bcbe7b278a310132a9ed5ce748e71e7",
opaque="ef65d4342759d9628ddabff7afc1063c"
* Ignoring duplicate digest auth header.
< WWW-Authenticate: Digest realm="T22Realm", qop="auth",
nonce="1496326313807:16957:9bb61017669c9ef504fbdf650a01bad5",
opaque="ef65d4342759d9628ddabff7afc1063c"
< Content-Type: text/xml;charset=UTF-8
< Content-Length: 92
* Ignoring the response-body
* Received 92 B chunk
* Connection #18 to host localhost left intact
* Issue another request to this URL: '
http://localhost:42870/mbb/services/v1/123xyz'
* Found bundle for host localhost: 0x7ff2308714e0
* Re-using existing connection! (#18) with host localhost
* Connected to localhost (::1) port 42870 (#18)
* Server auth using Digest with user '929a0877cb787c21be0502cdfc0e66ee'
> GET /mbb/services/v1/123xyz HTTP/1.1
> Host: localhost:42870
> Authorization: Digest username="929a0877cb787c21be0502cdfc0e66ee",
realm="T21Realm",
nonce="1496326313805:68288:0cfc3c0f23e7996e6feb35e8bd41adf4",
uri="/mbb/services/v1/123xyz",
cnonce="ZDRkZTk4NjA2ZmE1N2RjNDg2M2MzMmQ0ZjU2NWI4YTA=", nc=00000001,
qop=auth, response="56bcd3c94b2c3fb9e891fba34e9b595b",
opaque="ef65d4342759d9628ddabff7afc1063c"
> Accept: */*
> Accept-Encoding: deflate, gzip
> Content-Type: text/xml
> Content-Length: 13158
| (12.8 KB hidden)
* upload completely sent off: 13158 out of 13158 bytes
< HTTP/1.1 401 Unauthorized
< Date: Thu, 01 Jun 2017 14:11:53 GMT
< Server: Apache-Coyote/1.1
* Authentication problem. Ignoring this.
< WWW-Authenticate: Digest realm="T21Realm", qop="auth",
nonce="1496326313841:45317:b52e0b6ed75010b31a93babf1f0f0ea9",
opaque="ef65d4342759d9628ddabff7afc1063c"
* Ignoring duplicate digest auth header.
< WWW-Authenticate: Digest realm="T1Realm", qop="auth",
nonce="1496326313842:93869:4383af7bc1ce2bd7daabb0dc8baefee0",
opaque="ef65d4342759d9628ddabff7afc1063c"
* Ignoring duplicate digest auth header.
< WWW-Authenticate: Digest realm="T22Realm", qop="auth",
nonce="1496326313843:69371:cd39e6d283ade19d1a54d5367e3b2944",
opaque="ef65d4342759d9628ddabff7afc1063c"
< Content-Type: text/xml;charset=UTF-8
< Content-Length: 92
* Received 92 B chunk
* Connection #18 to host localhost left intact
* Ignored 0 cookies
Thanks in advance.
Regards
Daniel
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-06-09