OAG Authentication Repository Digest Password Digestion Fails in Database Repository
(Doc ID 2004777.1)
Last updated on JULY 21, 2023
Applies to:
Oracle API Gateway - Version 11.1.2.2.0 to 11.1.2.2.0 [Release 11gR1]Information in this document applies to any platform.
Symptoms
Oracle API Gateway (OAG) 11.1.2.2.0 + patch 19459659 (OAG bundle patch 11.1.2.2.2).
An HTTP Basic filter is configured to use a database repository for authentication with "Hash client password" checked.
This works in 11.1.2.2.0 without patch 19459659.
In 11.1.2.2.0 + patch 19459659, this fails because the hash algorithms are not being used.
Example error message:
com.vordel.circuit.authn.VordelAuthNException: Original Message - type=com.vordel.circuit.authn.VordelAuthNException msg=User Password doesn't match
at com.vordel.security.auth.repository.DatabaseAuthenticationProcessor.checkCredentials(DatabaseAuthenticationProcessor.java:223)
at com.vordel.security.auth.repository.AuthenticationProcessorBase.checkCredentials(AuthenticationProcessorBase.java:16)
at com.vordel.security.auth.HttpBasicAuthN.authenticate(HttpBasicAuthN.java:35)
at com.vordel.circuit.authn.HttpProcessor.performAuthentication(HttpProcessor.java:78)
at com.vordel.circuit.authn.HttpBasicProcessor.invoke(HttpBasicProcessor.java:41)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:150)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:42)
at com.vordel.circuit.CircuitDelegateProcessor.invoke(CircuitDelegateProcessor.java:45)
at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:150)
at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:42)
at com.vordel.circuit.InvocationEngine.recordCircuitInvocation(InvocationEngine.java:275)
at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:238)
at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:64)
at com.vordel.dwe.http.HTTPPlugin.processRequest(HTTPPlugin.java:375)
at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:383)
at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:177)
Caused by: com.vordel.circuit.authn.VordelAuthNException: User Password doesn't match
at com.vordel.security.auth.repository.DatabaseAuthenticationProcessor.checkCredentials(DatabaseAuthenticationProcessor.java:220)
... 15 more
Changes
The problem shows up only in the following versions:
OAG 11.1.2.2.0 with patch 19459659 (OAG bundle patch 11.1.2.2.2)
OAG 11.1.2.3.0 without SP2 (patch 20915983)
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |