AuthenticationNotSupportedException: DIGEST-MD5 on WebSphere

青春壹個敷衍的年華 提交于 2020-01-03 04:51:25

问题


I've run into a problem attempting to authenticate from within my web services. Here is the code that fails.

private InitialDirContext callDirectory(String password,
            String usernameWithoutDomain) throws NamingException 
    {
        InitialDirContext ctx;
        Hashtable<String, String> env = new Hashtable<String, String>();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, _ldapUrl ); 
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5"); 
        env.put(Context.SECURITY_PRINCIPAL, usernameWithoutDomain ); 
        env.put(Context.SECURITY_CREDENTIALS, password);  
        ctx = new InitialDirContext(env);
        return ctx;
    }

This code works against Active Directory on AIX using IBM's 1.5 JVM, but not on the same machine with the same VM when run inside WebSphere 6.1.

I've tried to control for all variables, and so far it looks like WebSphere is preventing the DIGEST-MD5 LDAP Authentication. Any ideas why?

Here is the stack trace:

javax.naming.AuthenticationNotSupportedException: DIGEST-MD5 
     at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:115) 
     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:229) 
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652) 
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:298) 
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190) 
     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208) 
     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151) 
     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81) 
     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679) 
     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259) 
     at javax.naming.InitialContext.init(InitialContext.java:235) 
     at javax.naming.InitialContext.<init>(InitialContext.java:209) 
     at security.ActiveDirectoryReader.openDirectoryContext(ActiveDirectoryReader.java:80)

回答1:


So that others can benefit from this: modify the file :/opt/IBM/WebSphere/AppServer/java/jre/lib/security/java.security do a search for security.provider and add a line at the bottom of the other providers (if it's not already in there): security.provider.X=com.ibm.security.sasl.IBMSASL (where X is the next number in sequence for the lines above it)

We had this same issue, even opened a PMR with IBM (who still doesn't know how to fix)

The answer actually came from their own link: http://www.ibm.com/developerworks/java/jdk/security/50/secguides/saslDocs/ibm.sasl.provider.guide.html

seems this is supposed to be "on" by default...



来源:https://stackoverflow.com/questions/4209710/authenticationnotsupportedexception-digest-md5-on-websphere

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!