Consume REST Services with Digest Authentication

Hi, I am trying to connect to a REST API with Digest Authentication. I am trying to replicate a PUT request using the following sample curl request:

curl -v --digest --user *****:***** -H "Content-Type: application/xml" -X PUT -d '<person><first>John</first><last>Doe</last></person>' "http://localhost:8003/v1/documents?uri=/docs/person.xml"

I have implemented a dummy GET request to get the WWW-Authenticate response header value.

I have tried to append the username to this header and use it with a GET request immediately after that. But the response says unauthorized in all the combinations I've tried. Any pointers?

Regards, Kshitij
2 answers

Hi Kshitij,

So you were well on your way. I made a test case tonight against the postman-echo service, which is available for testing REST calls, of which digest auth is one. (See informative URLs below.)

So I built a microflow (see modelshare below) which basically does the first request to the postman-echo service, acquiring the authentication details. I then get the header "WWW-Authenticate" from the 401 result, which in my case consists of the following string:

"Digest realm="Users", nonce="Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9", qop="auth"".

After extracting the necessary values, I then calculate the hashes. I created a Java action for this with the following line of code:

return org.apache.commons.codec.digest.DigestUtils.md5Hex(stringToMd5);

After I've implemented this I can start with the first part. The username in this case is "postman" and the password is "password". You can find the information for this call in the URLs below.

HA1= md5(user:realm:password)
= md5(postman:Users:password)
= d38e52b6bfcc38db1b146835e4e78d4a

Then I calculate the second hash:

HA2= md5(method:uri)
= md5(GET:/digest-auth)
= d44208d61728db39ce092dd4d9a3e278

Then, lastly, I calculate the final response value to return with the authentication string:

Response= md5(ha1:nonce:ha2) = md5(d38e52b6bfcc38db1b146835e4e78d4a:Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9:d44208d61728db39ce092dd4d9a3e278)

Now we're ready to set up the authentication string. In this case that would be:

Digest username="postman", realm="Users", nonce="Vcu7QjWhsj5zJbkAo6KSgxFqK0FFVks9", uri="/digest-auth", response="2113c6a0a925b5a101ab2d85e05b7031", opaque=""

And voila:


I hope this helps you on the way.





Hi Kshitij,

Could the solution suggested by Faried in the following topic help you?

He basically suggests combining the username and password in an MD5-hashed string and adding this combination to the header for authentication.