[security-dev] Undertow / IdentityManager and Digest Authentication

Darran Lofthouse darran.lofthouse at jboss.com
Wed May 1 02:50:26 EDT 2013


Here is another scenario I would like to verify.

So far from what I have seen regarding the Credentials stored by 
PicketLink IDM my perception is that the stored Credential is very 
closely related to the authentication mechanism that will be used.

So for a set-up where we know that Digest authentication is going to be 
used we may store a couple of pre-prepared digests.

Is this stored Credential now available for username / plain text 
password authentication, i.e. could a web application be deployed with 
FORM auth and verify a credential with a plain text password even though 
it is a prepared digest that is stored?

Regards,
Darran Lofthouse.
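
The scenario asked about above, as an added example that is not part of the original message and is not PicketLink IDM or Undertow code: it assumes the pre-prepared digest is the RFC 2617 HA1 value, MD5(username:realm:password), and shows that a plain-text password from a FORM login can be checked against it only by recomputing HA1 with the same username, realm and charset. The class name, method names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class PreparedDigestCheck {

    // HA1 as defined for HTTP Digest in RFC 2617: MD5(username ":" realm ":" password).
    // Assumption: UTF-8 is the charset used when the digest was provisioned;
    // a different charset at verification time yields a different HA1.
    static byte[] ha1(String username, String realm, char[] password)
            throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update((username + ":" + realm + ":").getBytes(StandardCharsets.UTF_8));
        md5.update(new String(password).getBytes(StandardCharsets.UTF_8));
        return md5.digest();
    }

    // Verify a plain-text password (for example from a FORM login) against a
    // stored HA1. The verifier must know the realm the digest was prepared for;
    // the stored value alone is not enough.
    static boolean verifyPlainText(String username, String realm, char[] password,
                                   byte[] storedHa1) throws NoSuchAlgorithmException {
        // MessageDigest.isEqual compares the two digests in constant time.
        return MessageDigest.isEqual(ha1(username, realm, password), storedHa1);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: what would have been stored at provisioning time.
        String user = "alice";
        String realm = "ExampleRealm";
        byte[] stored = ha1(user, realm, "s3cret".toCharArray());

        System.out.println("correct password, same realm:  "
                + verifyPlainText(user, realm, "s3cret".toCharArray(), stored));
        System.out.println("wrong password, same realm:    "
                + verifyPlainText(user, realm, "guess".toCharArray(), stored));
        // The realm is baked into the digest, so a deployment that verifies
        // under another realm rejects even the correct password.
        System.out.println("correct password, other realm: "
                + verifyPlainText(user, "OtherRealm", "s3cret".toCharArray(), stored));
    }
}
```

The stored HA1 is itself sufficient to answer Digest challenges for that realm, so it needs the same protection as a password would.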


