rbeckman-nextgen
commented
4 years ago Verification of tcpdump found that Digest Authorization is missing "client nonce" value in case of MD5-sess & Qop = undefined
09:24:10.037872 IP (tos 0x0, ttl 64, id 30407, offset 0, flags [DF], proto TCP (6), length 522, bad cksum 0 (->c424)!) ... .gzip,deflate..Authorization:.Digest.username="admin",.realm="QA",.nonce="kkJCOW ESEOtptQHLD7YLcZ+38fn4aDql",.uri="/digest/",.response="4925e6bb6e3a1f399398b54cc 2c1421e",.algorithm=MD5-sess,.opaque="my.secret.passphrase"....test.message.from.HTTP.SENDER.using.DIGEST.AUTH
Imported Comment. Original Details: Author: minht Created: 2016-02-26T14:07:12.000-0800
What is the issue: HTTP Sender getting response HTTP/1.1 401 Unauthorized if HTTP Authentication algorithms set to “MD-sess” {color:red} AND {color} Qop Modes is "undefined" OS(s) /JREs Used: local OSX Yosemite 10.10 with Java 8 Update 51 Issue found /exists in Version(s)/Build(s): mirthconnect-3.4.0.7925.b1883 Steps to Reproduce:
Actual Outcome:
responseStatusLine = HTTP/1.1 401 Unauthorized responseHeaders = www-authenticate=[Digest nonce="LYe8wPzasFPAXL9s5mdeyXF0eq9p5v4J", realm="QA", opaque="my secret passphrase", domain="/digest/", algorithm="MD5-sess"]}Expected Outcome: successfully send message
Additional Information: HTTP Sender getting status 401 only when Listener algorithm is set to “MD5-sess” or “both” {color:red} AND {color} Qop Mode is "undefined". Message sent successfully if Qop is defined (auth or auth-int)
Imported Issue. Original Details: Jira Issue Key: MIRTH-3896 Reporter: minht Created: 2016-02-26T13:58:08.000-0800