SERVER CONF FOR DIGEST AUTHENTICATION

    8/6/2019 SERVER CONF FOR DIGEST AUTHENTICATION

    This article includes details on how to implement HTTP Basic or Digest authentication and HTTPS and how to access these secured web services.

    You can access ArcGIS web services from SOAP clients or ArcGIS clients. ArcGIS web services secured through HTTP Basic or Digest authentication, HTTPS, or WS-Security can be accessed from any SOAP client; this functionality has been available since the initial release of ArcGIS Server 9.0.

    Refer to the table below for details on which version of ArcGIS clients can be used to access secured ArcGIS web services.

    Method of securing ArcGIS web service   ArcGIS 9.0 clients   ArcGIS 9.1 clients   ArcGIS 9.2 clients
    HTTP Basic Authentication               Supported            Supported            Supported
    HTTP Digest Authentication              Not supported        Supported            Supported
    HTTPS                                   Not supported        Not supported        Supported

    HTTP with Basic or Digest Authentication

    HTTP with Basic or Digest authentication uses HTTP headers to support authentication. HTTP Basic authentication provides an authentication mechanism, with usernames and passwords, for web services. The user of the web service is challenged with a login dialog. Once the user has logged in, the base-64 encoded credentials are carried in the HTTP header. Basic authentication is not considered strong authentication, because base-64 is an encoding rather than encryption: it is trivial to decode the username and password from the header.

    HTTP Digest authentication is more secure than Basic authentication, but it has been implemented differently by various browsers.
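As an added example (not code from the ESRI article), the following Python shows what a server receives under each of the two schemes above and how it verifies them: a Basic header decodes straight back to the password, while a Digest header (RFC 2617, without the qop extension) carries only an MD5 response that the server recomputes from its stored credential. The realm name, user store, nonce and URI are constructed for the example.

```python
"""Added example (not from the ESRI article): what a server receives under
HTTP Basic versus HTTP Digest authentication, and how it verifies each.
Digest follows RFC 2617 without the qop extension.  The realm, users,
nonce and URI below are constructed for the example."""
import base64
import hashlib
import hmac

REALM = "wc_security"             # constructed realm name
USERS = {"user1": "secret"}       # constructed credential store


def parse_basic(header):
    """Decode 'Basic <base64>' into (username, password).  Base64 is an
    encoding, not encryption, so anyone who observes the header recovers
    the password; Basic is only as safe as the channel carrying it."""
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password


def parse_digest(header):
    """Split 'Digest k="v", k="v", ...' into a dict (values without commas)."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest Authorization header")
    fields = {}
    for part in params.split(","):
        key, _, value = part.strip().partition("=")
        fields[key] = value.strip('"')
    return fields


def md5hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, password, realm, method, uri, nonce):
    """RFC 2617 response = MD5(HA1:nonce:HA2) with HA1 = MD5(user:realm:password)
    and HA2 = MD5(method:uri).  A Digest-capable realm can store HA1 instead
    of the plaintext password, since HA1 is all the check below needs."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")


def build_digest_header(user, password, method, uri, nonce):
    """What a client sends back after a 401 challenge carrying `nonce`."""
    response = digest_response(user, password, REALM, method, uri, nonce)
    return (f'Digest username="{user}", realm="{REALM}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')


def verify_digest(header, method, issued_nonces):
    """Server-side check: recompute the response from the stored credential
    and compare in constant time.  The password never crosses the wire, and
    a captured header is only replayable while its nonce is still accepted,
    so only nonces this server issued (and not yet retired) are honoured."""
    fields = parse_digest(header)
    user = fields.get("username")
    if user not in USERS or fields.get("realm") != REALM:
        return False
    if fields.get("nonce") not in issued_nonces:
        return False
    expected = digest_response(user, USERS[user], REALM, method,
                               fields.get("uri", ""), fields["nonce"])
    return hmac.compare_digest(expected, fields.get("response", ""))


if __name__ == "__main__":
    print(parse_basic("Basic dXNlcjE6c2VjcmV0"))           # ('user1', 'secret')
    nonce = "1a2b3c"                                        # constructed server nonce
    hdr = build_digest_header("user1", "secret", "GET", "/wc_security", nonce)
    print(verify_digest(hdr, "GET", {nonce}))              # True
    print(verify_digest(hdr, "POST", {nonce}))             # False: the method is part of HA2
```

Note what the Digest verifier actually needs from its realm: only HA1 = MD5(username:realm:password), so a realm serving Digest can hold that hash rather than the plaintext password, and a change of realm name invalidates the stored values. Digest keeps the password off the wire, but it does not protect the request body or the rest of the exchange; that is what the HTTPS section that follows adds.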

    HTTPS

    HTTPS is widely used for encrypting private information. You have probably used HTTPS when purchasing items on the Internet or accessing your company's email server. HTTPS provides transport-channel-level security. HTTPS stands for HTTP via SSL (Secure Sockets Layer). SSL is a technology that allows web browsers and web servers to communicate over a secure connection. In this secure connection, the data being sent is encrypted before transmission, then decrypted upon receipt and prior to processing. Both the browser and the server encrypt all traffic before sending any data.

    SSL addresses the following important security considerations:

    Identification
    Authentication
    Confidentiality
    Integrity

    Digital certificates are used with HTTPS to authenticate web servers and web clients. In the case of server authentication, the first time an attempt is made to communicate with the web server over a secure connection, the server presents a server certificate to the client. The certificate is a means to verify that the site is who it claims to be. You should note that HTTPS can be configured with fake certificates, which enables encryption but does not provide reliable authentication. In this case, you must be able to trust the applications on the HTTP end-points.

    To overcome the limitation of not being able to authenticate the client, you could implement mutual authentication, where you have both server authentication and client authentication. Client-certificate authentication involves requesting a certificate from the client in order to verify that the client is who it claims to be. In the case of mutual authentication, the server and client authenticate one another with certificates. The client's identity is in a client certificate. The server's identity is in a server certificate, stored in a keystore file.


    If you choose to secure your web service with client-certificate authentication, you should be prepared to incur the expense of time and resources to configure SSL support on the server and set up the public key certificate. While you can use client-certificate based authentication with any SOAP client, a web service authenticated through this method cannot be accessed from ArcGIS clients until 9.2.

    WS-Security

    The Web Services Security Specification (WS-Security) standard provides a framework for securing SOAP messages. The WS-Security Specification describes how to exchange signed and encrypted messages in a SOAP environment in order to provide integrity and confidentiality. WS-Security can use Public Key Infrastructure (PKI), Kerberos, Basic or Digest authentication, and SSL to provide the security.

    WS-Security is an important standard that is still evolving and becoming widely accepted. It is not yet supported with ArcGIS web services, but you can take advantage of it in your own application web services.

    Implementing HTTP with Basic or Digest Authentication

    HTTP authentication is the most familiar transport technique. It uses HTTP headers to support Basic or Digest authentication.

    Java Web Services with HTTP Basic or Digest

    To set HTTP with Basic or Digest authentication for Java web services, the roles should be defined for the servlet container you use. After this is done, the XML deployment files for the server and the web service end points will be updated to reflect the user access and role mappings.

    Java web services are fully supported with any of the servlet engines or application servers supported by the ArcGIS Server Java ADF. You can find a list of supported application servers on http://support.esri.com. The instructions in this article show code examples for implementing a Java web service with Tomcat 5.

    Setting realms

    A realm is a "database" of usernames and passwords for identifying valid users of a web application or web service. In addition to usernames and passwords, there is a list of roles associated with each valid user.

    In your %TOMCAT_HOME%\conf\server.xml, define a realm. As shown below, comment out the default realm in the server.xml file.

    Then add the following tag to define the realm for Basic authentication.

    If you are setting the realm for Digest authentication, an additional attribute is needed.

    It is important to note that Tomcat cannot deploy applications using Basic and Digest at the same time. You must deploy two separate Tomcat instances with differently configured ports and realms to offer Basic and Digest authenticated web services concurrently. To learn more about setting up realms, refer to http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html.

    Setting roles

    You will define a list of roles associated with each valid user. The %TOMCAT_HOME%\conf\tomcat-users.xml file is created during the install of Tomcat. It contains, in plain text, the user name, password, and roles that have been defined for this server, and any users or roles you added after installation. The roles will be used later to configure authorization for your web service. Initially, the tomcat-users.xml file looks like this:

    You can edit the users file directly in order to add or remove users or modify roles, or you can use admintool to accomplish these tasks. To learn more about Tomcat's admintool, refer to http://java.sun.com/webservices/docs/1.3/tutorial/doc/Admintool6.html#wp67613.

    Setting authentication and authorization

    Once you have created a web service catalog, edit the web service catalog's deployment descriptor, \WEB-INF\web.xml. The deployment descriptor is used to define the security elements and general configuration information of a web application. Security in a web application is configured using the following elements of the deployment descriptor:

    <security-role>
    <security-constraint>
    <login-config>

    The <security-role> element gives the roles that are authorized to access the web service catalog. The <security-constraint> element is used to assign an authorization constraint to a collection of resources. The <login-config> element specifies the authentication method. For an example web service named wc_security, using Basic authentication and a role named role1, add the following lines after the other elements in your deployment descriptor (web.xml):

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>wc_security</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>role1</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
        <role-name>role1</role-name>
    </security-role>


    Make sure that the <role-name> that you specify in the deployment descriptor has a corresponding entry in your tomcat-users.xml file.

    When using Digest authentication, change the <auth-method> element to have the following value:

    <auth-method>DIGEST</auth-method>
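The requirement above, that every role named in web.xml exists in tomcat-users.xml and is held by at least one user, is easy to check mechanically before deploying. The following Python is an added example, not part of the article or of the ArcGIS Java ADF; it embeds constructed copies of both files, following the wc_security / role1 example, parses them with the standard library, and reports any mismatch between them.

```python
"""Added example (not from the ESRI article): check that a web-service catalog's
deployment descriptor (web.xml) and Tomcat's tomcat-users.xml agree, as the
article says they must.  Both files below are constructed, following the
article's wc_security / role1 example, and are parsed with ElementTree."""
import xml.etree.ElementTree as ET

# Constructed web.xml fragment: protect the whole catalog, require role1.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>wc_security</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>role1</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>DIGEST</auth-method>
    <realm-name>wc_security</realm-name>
  </login-config>
  <security-role>
    <role-name>role1</role-name>
  </security-role>
</web-app>"""

# Constructed tomcat-users.xml; note that the passwords sit here in plain text.
TOMCAT_USERS = """<tomcat-users>
  <role rolename="role1"/>
  <role rolename="role2"/>
  <user username="user1" password="secret" roles="role1"/>
  <user username="user2" password="secret2" roles="role1,role2"/>
</tomcat-users>"""


def descriptor_roles(web_xml):
    """Return (declared roles, roles required by auth-constraints, auth-method)."""
    root = ET.fromstring(web_xml)
    declared = {rn.text.strip() for sr in root.iter("security-role")
                for rn in sr.iter("role-name")}
    required = {rn.text.strip() for ac in root.iter("auth-constraint")
                for rn in ac.iter("role-name")}
    return declared, required, root.findtext("login-config/auth-method")


def realm_roles(users_xml):
    """Map each role in tomcat-users.xml to the set of users holding it."""
    root = ET.fromstring(users_xml)
    holders = {r.get("rolename"): set() for r in root.iter("role")}
    for user in root.iter("user"):
        for role in user.get("roles", "").split(","):
            role = role.strip()
            if role:
                holders.setdefault(role, set()).add(user.get("username"))
    return holders


def check(web_xml, users_xml):
    """Return a list of findings; an empty list means the files are consistent."""
    declared, required, method = descriptor_roles(web_xml)
    holders = realm_roles(users_xml)
    findings = []
    for role in sorted(required - declared):
        findings.append(f"{role}: used in an auth-constraint but not declared in a security-role")
    for role in sorted(required):
        if not holders.get(role):
            findings.append(f"{role}: no user in tomcat-users.xml holds this role, so nobody can log in")
    if method not in ("BASIC", "DIGEST"):
        findings.append(f"auth-method {method!r}: expected BASIC or DIGEST for HTTP authentication")
    return findings


if __name__ == "__main__":
    for line in check(WEB_XML, TOMCAT_USERS) or ["web.xml and tomcat-users.xml agree"]:
        print(line)
```

Run it against the real files by reading them into the two strings; the check is deliberately conservative, so a role that is declared but held by nobody is reported, because the constraint would then lock everyone out rather than fail open.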

    An updated version of the Java ADF arcgisant command is available from the 9.1 online version of ArcGIS Developer Help. The command has been updated to allow you to specify whether the web service is secured. When creating the web service catalog with the arcgisant command, you can specify which role memberships have access. The deployment descriptor will be populated with the necessary elements.