开发者

AuthenticationNotSupportedException: DIGEST-MD5 on WebSphere

问答 作者:

I've run into a problem attempting to authenticate from within my web services. Here is the code that fails.

private InitialDirContext callDirectory(String password,
            String usernameWithoutDomain) throws NamingException 
    {
        InitialDirContext ctx;
        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, _ldapUrl ); 
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5"); 
        env.put(Context.SECURITY_PRINCIPAL, usernameWithoutDomain ); 
        env.put(Context.SECURITY_CREDENTIALS, password);  
        ctx = new InitialDirContext(env);
        return ctx;
    }

This code works against Active Directory on AIX using IBM's 1.5 JVM, but not on the same machine with the same VM when run inside WebSphere 6.1.

I've tried to control for all variables, and so far it looks like WebSphere is preventing the DIGEST-MD5 LDAP Authentic开发者_如何学Cation. Any ideas why?

Here is the stack trace:

javax.naming.AuthenticationNotSupportedException: DIGEST-MD5 
     at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:115) 
     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:229) 
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652) 
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:298) 
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190) 
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208) 
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151) 
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81) 
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679) 
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259) 
     at javax.naming.InitialContext.init(InitialContext.java:235) 
     at javax.naming.InitialContext.<init>(InitialContext.java:209) 
     at security.ActiveDirectoryReader.openDirectoryContext(ActiveDirectoryReader.java:80)

So that others can benefit from this: modify the file :/opt/IBM/WebSphere/AppServer/java/jre/lib/security/java.security do a search for security.provider and add a line at the bottom of the other providers (if it's not already in there): security.provider.X=com.ibm.security.sasl.IBMSASL (where X is the next number in sequence for the lines above it)

We had this same issue, even opened a PMR with IBM (who still doesn't know how to fix)

The answer actually came from their own link: http://www.ibm.com/developerworks/java/jdk/security/50/secguides/saslDocs/ibm.sasl.provider.guide.html

seems this is supposed to be "on" by default...

继续阅读:authenticationldapwebsphere

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9