
Glassfish error SEC1105 (PasswordCredential was required but not provided) in DIGEST auth-mode

JohnHailey
Offline
Joined: 2011-03-29
Points: 0

Hello

I've managed to get a Java EE6 web application I've been developing to authenticate with my company's active directory setup. My app is running on Glassfish 3.1 and I have followed these instructions to get it set up and working:

http://www.webdavsystem.com/javaserver/doc/authentication/ldap_glassfish

My problem is that although authentication is fine in BASIC mode, when I try and change the auth-type in my web.xml file to DIGEST my web application no longer works. I still get the browser asking for a username and password, and I enter the same user/pass combo that works in BASIC mode, but for some reason I get the following exception:

SEVERE: SEC1105: A PasswordCredential was required but not provided.
INFO: SEC5046: Audit: Authentication refused for [username].
WARNING: Web login failed: Login failed: javax.security.auth.login.LoginException: No credentials.

However I am entering a password so I'm not sure why it isn't being passed through. I've read a bit about a property named "digest-algorithm". After I had seen this I did try adding the following property to my domain.xml

<property name="digest-algorithm" value="MD5" />

However it didn't make any difference. My company is using active directory 2003 and although basic authentication would probably be acceptable (it is an intranet only application) I'd prefer to use Digest if possible.

Any ideas on how I can get the DIGEST authentication mode working?

arthury
Offline
Joined: 2010-09-16
Points: 0

Try typing in the md5 hash of the password instead of the plaintext pw.
I am in the same boat as you ... I am now more puzzled than ever.

On Tue, Mar 29, 2011 at 2:49 AM, wrote:

> Hello
>
> I've managed to get a Java EE6 web application I've been developing to authenticate with my company's active directory setup. My app is running on Glassfish 3.1 and I have followed these instructions to get it set up and working:
>
> http://www.webdavsystem.com/javaserver/doc/authentication/ldap_glassfish[1]
>
> My problem is that although authentication is fine in BASIC mode, when I try and change the auth-type in my web.xml file to DIGEST my web application no longer works. I still get the browser asking for a username and password, and I enter the same user/pass combo that works in BASIC mode, but for some reason I get the following exception:
>
> *SEVERE: SEC1105: A PasswordCredential was required but not provided.*
> *INFO: SEC5046: Audit: Authentication refused for [username].*
> *WARNING: Web login failed: Login failed: javax.security.auth.login.LoginException: No credentials.*
>
> However I am entering a password so I'm not sure why it isn't being passed through. I've read a bit about a property named "digest-algorithm". After I had seen this I did try adding the following property to my domain.xml
>
> *<property name="digest-algorithm" value="MD5" />*
>
> However it didn't make any difference. My company is using active directory 2003 and although basic authentication would probably be acceptable (it is an intranet only application) I'd prefer to use Digest if possible.
>
> Any ideas on how I can get the DIGEST authentication mode working?
>
> [1] http://www.webdavsystem.com/javaserver/doc/authentication/ldap_glassfish
>
> --
>
> [Message sent by forum member 'JohnHailey']
>
> View Post: http://forums.java.net/node/786175

--
Arthur Y.

JohnHailey
Offline
Joined: 2011-03-29
Points: 0

Hi Arthur

Cheers for the reply. As per your suggestion I switched back my web application to DIGEST mode, then entered the md5 of my password into the password field when IE asked for my credentials.

Unfortunately it made no difference. Still the same error: SEVERE: SEC1105: A PasswordCredential was required but not provided.

So what to do next? In the meantime I will just have to live with BASIC mode, but I reckon there must be a way to get the more secure method working.

arthury
Offline
Joined: 2010-09-16
Points: 0

I do not have further information for you. Sorry about this.

Based on the most current documentation, I cannot use this feature
successfully. Personally, I think that if Oracle wants this feature to be
wildly successful, the doc needs to have, at least, one concrete example
that works for each of the Auth methods, instead of relying on a blog that
was written in 2005.
I have already moved forward with other solutions.

On Wed, Mar 30, 2011 at 12:13 AM, wrote:

> Hi Arthur
>
> Cheers for the reply. As per your suggestion I switched back my web application to DIGEST mode, then entered the md5 of my password into the password field when IE asked for my credentials.
>
> Unfortunately it made no difference. Still the same error: *SEVERE: SEC1105: A PasswordCredential was required but not provided.*
>
> So what to do next? In the meantime I will just have to live with BASIC mode, but I reckon there must be a way to get the more secure method working.
>
> --
>
> [Message sent by forum member 'JohnHailey']
>
> View Post: http://forums.java.net/node/786175

--
Arthur Y.

JohnHailey
Offline
Joined: 2011-03-29
Points: 0

I'd agree with that. I've attended a few Glassfish webinars where they have had Q&A sessions at the end so maybe I will need to try and ask my question there!
The thing is that I also posted the same question on stackoverflow and haven't had so much as a comment, much less an answer, so I'm guessing this isn't exactly the easiest problem in the world to solve.
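
Added example, not part of the original thread and not Glassfish code: a sketch of the HTTP Digest computation (RFC 2617, qop=auth) showing that the server receives only a hash response, so it must already hold the password or H(A1) to verify it, and that typing the MD5 of the password merely changes the secret being hashed. The values are the sample request from RFC 2617 section 3.5; all function names are illustrative.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, secret: str) -> str:
    # H(A1): the only form in which the password enters the protocol.
    return md5_hex(f"{username}:{realm}:{secret}")

def response_for(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def client_authorization(username, realm, typed, method, uri, nonce, nc, cnonce):
    # Fields a browser puts in the Authorization header: there is no password field.
    return {
        "username": username, "realm": realm, "nonce": nonce, "uri": uri,
        "qop": "auth", "nc": nc, "cnonce": cnonce,
        "response": response_for(ha1(username, realm, typed),
                                 method, uri, nonce, nc, cnonce),
    }

def server_verify(stored_ha1, method, auth):
    # The server recomputes the response from an H(A1) it already holds.
    # A store that can only check a presented password has nothing to check here.
    expected = response_for(stored_ha1, method, auth["uri"], auth["nonce"],
                            auth["nc"], auth["cnonce"], auth["qop"])
    return hmac.compare_digest(expected, auth["response"])

# Sample values from RFC 2617 section 3.5 (not from the thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
CHALLENGE = dict(method="GET", uri="/dir/index.html",
                 nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                 nc="00000001", cnonce="0a4f113b")

def demo():
    stored = ha1(USER, REALM, PASSWORD)
    good = client_authorization(USER, REALM, PASSWORD, **CHALLENGE)
    hashed = client_authorization(USER, REALM, md5_hex(PASSWORD), **CHALLENGE)
    return {
        "response": good["response"],
        "plain_ok": server_verify(stored, "GET", good),
        "md5_typed_ok": server_verify(stored, "GET", hashed),
        "fields": sorted(good),
    }

if __name__ == "__main__":
    print(demo())
```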