Running Business Processes and Composite Applications 10.4 | Running Business Processes and Composite Applications | webMethods Integration Server Administrator’s Guide | Authenticating Clients | Digest Authentication
 
Digest Authentication
Integration Server supports digest authentication by processing the digest authentication credentials presented in HTTP headers. Integration Server also uses digest authentication credentials passed in web service headers to authenticate web service consumers that access an Integration Server–hosted web service. Integration Server can also send digest authentication credentials while calling third-party web services.
The password digest is a hash of the nonce, the creation time, and the password. When using digest authentication, when a client attempts to access Integration Server, Integration Server requests the client to send a password digest by concatenating the password with the nonce and the creation time. Upon receiving the password digest, Integration Server verifies the data and authenticates the client. If the password digest sent by the client matches with the password digest created by the server, the server proceeds with the request. If the password digests does not match, the server rejects the request.
To use digest authentication, you must configure the user for digest authentication while creating the user in Integration Server Administrator. You must also configure ports to use password digest for authentication of client requests. A port that is configured to use password digest for authentication of client requests will process a request from a user only if the user is configured to allow password digest for authentication.
For more information about configuring a user for digest authentication, see Adding User Accounts.

Copyright © 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release