WildFly Elytron

Configuring the Digest mechanism to make use of additional algorithms

The default algorithm used for the digest authentication mechanism is MD5. You can configure the WildFly server to also require or accept the SHA-256 and SHA-512-256 algorithms. This configuration can be specified in the mechanism-configuration attribute of both the http-authentication-factory and the sasl-authentication-factory:

<http-authentication-factory name="exampleHttpAuthFactory" security-domain="exampleSD" http-server-mechanism-factory="global">
    <mechanism-configuration>
        <mechanism mechanism-name="DIGEST-SHA-256">
            <mechanism-realm realm-name="exampleDomain"/>
        </mechanism>
        <mechanism mechanism-name="DIGEST-SHA-512-256">
            <mechanism-realm realm-name="exampleDomain"/>
        </mechanism>
    </mechanism-configuration>
</http-authentication-factory>
...
<sasl-authentication-factory name="exampleSaslAuthentication" security-domain="exampleSD" sasl-server-factory="configured">
    <mechanism-configuration>
        <mechanism mechanism-name="DIGEST-SHA-256">
            <mechanism-realm realm-name="exampleDomain"/>
        </mechanism>
        <mechanism mechanism-name="DIGEST-SHA-512-256">
            <mechanism-realm realm-name="exampleDomain"/>
        </mechanism>
    </mechanism-configuration>
</sasl-authentication-factory>

Note: Make sure that your security realm can provide credentials in the format required by the DIGEST mechanism. The server must be able to calculate the response and verify it against the provided response.
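To illustrate the note above, the following added example (not WildFly or Elytron code) computes the RFC 7616 `qop=auth` response on both sides and shows that a realm holding only an MD5 pre-digested credential cannot verify a DIGEST-SHA-256 response, while a clear password or a SHA-256 pre-digested credential can. The user name, password, nonce values and the shape of the `stored` dictionary are constructed for the example; the realm name is taken from the configuration above.

```python
import hashlib
import hmac

# Mechanism name -> hashlib algorithm (RFC 7616 algorithm set).
ALGORITHMS = {
    "DIGEST": "md5",
    "DIGEST-SHA-256": "sha256",
    "DIGEST-SHA-512-256": "sha512_256",  # requires OpenSSL support in hashlib
}

def h(mechanism, text):
    return hashlib.new(ALGORITHMS[mechanism], text.encode("utf-8")).hexdigest()

def ha1(mechanism, username, realm, password):
    """Pre-digested credential: H(username:realm:password)."""
    return h(mechanism, f"{username}:{realm}:{password}")

def digest_response(mechanism, ha1_hex, req):
    """RFC 7616 response for qop=auth."""
    ha2 = h(mechanism, f"{req['method']}:{req['uri']}")
    return h(mechanism, f"{ha1_hex}:{req['nonce']}:{req['nc']}:{req['cnonce']}:auth:{ha2}")

def client_request(mechanism, username, realm, password):
    """Constructed sample request; nonce and cnonce are fixed for repeatability."""
    req = {"username": username, "realm": realm, "method": "GET", "uri": "/app/",
           "nonce": "constructed-nonce", "nc": "00000001", "cnonce": "constructed-cnonce"}
    req["response"] = digest_response(mechanism, ha1(mechanism, username, realm, password), req)
    return req

def server_verify(mechanism, stored, req):
    """stored (hypothetical shape): {'clear': password} or {'mechanism': name, 'ha1': hex}."""
    if "clear" in stored:
        ha1_hex = ha1(mechanism, req["username"], req["realm"], stored["clear"])
    elif stored.get("mechanism") == mechanism:
        ha1_hex = stored["ha1"]
    else:
        return False  # HA1 digested with another algorithm cannot be converted
    return hmac.compare_digest(digest_response(mechanism, ha1_hex, req), req["response"])

def demo():
    user, realm, pw = "alice", "exampleDomain", "constructed-password"
    req = client_request("DIGEST-SHA-256", user, realm, pw)
    md5_only = {"mechanism": "DIGEST", "ha1": ha1("DIGEST", user, realm, pw)}
    sha256 = {"mechanism": "DIGEST-SHA-256", "ha1": ha1("DIGEST-SHA-256", user, realm, pw)}
    return {name: server_verify("DIGEST-SHA-256", cred, req)
            for name, cred in (("clear", {"clear": pw}), ("md5_ha1", md5_only), ("sha256_ha1", sha256))}

if __name__ == "__main__":
    print(demo())
```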

Example

You can see an example of securing a web application with DIGEST-SHA-256 and DIGEST-SHA-512-256 here.

Summary

You can configure DIGEST-SHA-256 and DIGEST-SHA-512-256 mechanisms in the WildFly server.