This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
This site is in read only until July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Digest Authentication

Posted on 01-17-2023 05:41 AM
Peeyush_Singhai
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi All,

We have requirement to do digest authentication in our proxy we know apigee doesn't have built-in policy for that so we are doing with java script policy. 

We are sending a request to server(with username and password) and server is responding with ( WWW-Authenticate →Digest realm="Users", nonce="YywQ5zlDGgTQs7Ki2r6HnPFQSemyS7Ea", qop="auth")

So we need to send  nonce and an encrypted version of the username, password and realm (a hash) with the use of md5 algorithm to the server.

So we are creating a java script policy to send above request but not getting correct response.

If anyone has done  digest-auth their advise will help us.

Thanks

 

Solved Solved
0 5 1,077
Topic Labels
Jump to Solution
0 Likes
Reply
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
In response to dknezic
Reply posted on --/--/---- --:-- AM

The problem with the MD5 in Message Templates is... the payload for the digest is sort of dynamic.  There's a bunch of If..THEN...ELSE stuff you need to deal with, to implement HTTP Digest correctly. 

I wrote a callout that shows how to do it. 

https://github.com/DinoChiesa/Apigee-Java-HttpDigest

I tested this with a few known-good HTTP Digest endpoints and it works.  It is limited in a few ways. Check the README.

View solution in original post

Jump to Solution
Reply
5 REPLIES 5
Top Solution Authors
View all