OAG Authentication Repository Digest Password Digestion Fails in Database Repository (Doc ID 2004777.1)

Last updated on AUGUST 18, 2016

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Symptoms

The issue occurs on Oracle API Gateway (OAG) 11.1.2.2.0 with patch 19459659 (OAG bundle patch 11.1.2.2.2).

An HTTP Basic filter is configured to use a database repository for authentication with "Hash client password" checked.
This works in 11.1.2.2.0 without patch 19459659.

In 11.1.2.2.0 + patch 19459659, authentication fails because the hash algorithms are not being used.

Example error message:

ERROR   04/Feb/2015:13:03:43.606 [0dc4]         java exception:
com.vordel.circuit.authn.VordelAuthNException: Original Message - type=com.vordel.circuit.authn.VordelAuthNException msg=User Password doesn't match
    at com.vordel.security.auth.repository.DatabaseAuthenticationProcessor.checkCredentials(DatabaseAuthenticationProcessor.java:223)
    at com.vordel.security.auth.repository.AuthenticationProcessorBase.checkCredentials(AuthenticationProcessorBase.java:16)
    at com.vordel.security.auth.HttpBasicAuthN.authenticate(HttpBasicAuthN.java:35)
    at com.vordel.circuit.authn.HttpProcessor.performAuthentication(HttpProcessor.java:78)
    at com.vordel.circuit.authn.HttpBasicProcessor.invoke(HttpBasicProcessor.java:41)
    at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:150)
    at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:42)
    at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:45)
    at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:150)
    at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:42)
    at com.vordel.circuit.InvocationEngine.recordCircuitInvocation(InvocationEngine.java:275)
    at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:238)
    at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:64)
    at com.vordel.dwe.http.HTTPPlugin.processRequest(HTTPPlugin.java:375)
    at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:383)
    at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:177)
Caused by: com.vordel.circuit.authn.VordelAuthNException: User Password doesn't match
    at com.vordel.security.auth.repository.DatabaseAuthenticationProcessor.checkCredentials(DatabaseAuthenticationProcessor.java:220)
    ... 15 more
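
A diagnostic sketch for the symptom above, added here and not taken from Oracle or the OAG product: given a known test account's password and the value stored for it in the database repository, it reports whether the column holds the password in clear or an unsalted digest of it, which is the case where a comparison that skips hashing ends in "User Password doesn't match". The algorithm list, the hex/Base64 encodings and all function names are assumptions for illustration; check them against your own repository.

```python
import base64
import hashlib
import hmac

# Assumption: the repository stores an unsalted digest from this list.
CANDIDATE_ALGORITHMS = ("md5", "sha1", "sha256", "sha384", "sha512")


def encodings(digest: bytes) -> dict:
    """Textual forms a digest column commonly holds (assumed, not OAG-specific)."""
    return {
        "hex": digest.hex(),
        "HEX": digest.hex().upper(),
        "base64": base64.b64encode(digest).decode("ascii"),
    }


def _same(a: str, b: str) -> bool:
    # Constant-time comparison on bytes, so non-ASCII passwords are handled too.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def identify_digest(password: str, stored: str):
    """Return (algorithm, encoding) if `stored` is a digest of `password`, else None."""
    stored = stored.strip()
    for name in CANDIDATE_ALGORITHMS:
        digest = hashlib.new(name, password.encode("utf-8")).digest()
        for enc, text in encodings(digest).items():
            if _same(text, stored):
                return name, enc
    return None


def diagnose(password: str, stored: str) -> str:
    """Classify the stored value for a known-good test credential."""
    if _same(password, stored.strip()):
        return "stored-in-clear"       # a compare without hashing would succeed
    match = identify_digest(password, stored)
    if match:
        return "digest:%s/%s" % match  # a compare without hashing fails
    return "no-match"                  # wrong password, salted value, or other scheme


if __name__ == "__main__":
    # Constructed sample: a throwaway password and its SHA-256 hex digest.
    sample_password = "Test-Passw0rd!"
    sample_stored = hashlib.sha256(sample_password.encode("utf-8")).hexdigest()
    print(diagnose(sample_password, sample_stored))
```

Run it only with a dedicated test account, and read the stored value from the repository with a read-only database user.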



Changes

The problem shows up only in the following versions:

OAG 11.1.2.2.0 with patch 19459659 (OAG bundle patch 11.1.2.2.2)
OAG 11.1.2.3.0 without SP2 (patch 20915983)

Cause
