HttpDigestAuthProvider (security.providers.httpauth) Configuration

Http digest authentication security provider

Type: io.helidon.security.providers.httpauth.HttpDigestAuthProvider

Config key
http-digest-auth

This type provides the following service implementations:

  • io.helidon.security.spi.SecurityProvider

  • io.helidon.security.spi.AuthenticationProvider

Configuration options

Optional configuration options
| key | type | default value | description |
|---|---|---|---|
| algorithm | Algorithm (MD5) | MD5 | Digest algorithm to use. |
| nonce-timeout-millis | long | 86400000 | How long the nonce value remains valid. When it times out, the browser re-requests the username/password. |
| optional | boolean | false | Whether authentication is required. By default, request will fail if the authentication cannot be verified. If set to false, request will process and this provider will abstain. |
| principal-type | SubjectType (USER, SERVICE) | USER | Principal type this provider extracts (and also propagates). |
| qop | Qop (NONE, AUTH) | NONE | Only AUTH supported. If left empty, uses the legacy approach (older RFC version). AUTH-INT is not supported. |
| realm | string | Helidon | Set the realm to use when challenging users. |
| server-secret | string | | The nonce is encrypted using this secret, to make sure the nonce we get back was generated by us and to make sure we can safely time out nonce values. This secret must be the same for all service instances (or all services that want to share the same authentication). Defaults to a random password, so the authentication WILL NOT WORK if, for example, it is deployed to multiple servers. You MUST provide your own password to work in a distributed environment with non-sticky load balancing. |
| users | | | Set user store to obtain passwords and roles based on logins. |
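
The following is an added example, not Helidon's own code, illustrating why `server-secret` must be shared across instances and how `nonce-timeout-millis` is enforced. The class name, the SHA-256 key derivation, the AES-GCM nonce layout and the secret strings are all assumptions made for the illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Illustrative sketch only: the nonce format here is an assumption, not the provider's wire format.
public class NonceSecretDemo {
    // Simplified key derivation (assumption); production code should use a real password-based KDF.
    static SecretKeySpec key(String serverSecret) throws Exception {
        byte[] k = MessageDigest.getInstance("SHA-256").digest(serverSecret.getBytes(StandardCharsets.UTF_8));
        return new SecretKeySpec(k, "AES");
    }

    // Nonce = base64(iv || AES-GCM(issue timestamp)), encrypted under the server secret.
    static String issue(String serverSecret, long nowMillis) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(serverSecret), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(ByteBuffer.allocate(Long.BYTES).putLong(nowMillis).array());
        return Base64.getEncoder().encodeToString(ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    // A nonce is accepted only if it decrypts under this instance's secret and has not timed out.
    static boolean valid(String nonce, String serverSecret, long nowMillis, long timeoutMillis) {
        try {
            byte[] raw = Base64.getDecoder().decode(nonce);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key(serverSecret), new GCMParameterSpec(128, raw, 0, 12));
            long issued = ByteBuffer.wrap(c.doFinal(raw, 12, raw.length - 12)).getLong();
            return issued <= nowMillis && nowMillis - issued < timeoutMillis;
        } catch (Exception e) {
            return false; // nonce from another secret, tampered with, or malformed
        }
    }

    public static void main(String[] args) throws Exception {
        long t0 = 1_700_000_000_000L, timeout = 86_400_000L; // constructed clock; default nonce-timeout-millis
        String shared = "shared-secret-placeholder";         // constructed value standing in for server-secret
        String nonce = issue(shared, t0);
        System.out.println("same secret, fresh:   " + valid(nonce, shared, t0 + 1_000, timeout));
        System.out.println("other random secret:  " + valid(nonce, "instance-b-random", t0 + 1_000, timeout));
        System.out.println("same secret, expired: " + valid(nonce, shared, t0 + timeout, timeout));
    }
}
```

The second case is what a client sees behind a non-sticky load balancer when each instance keeps its default random secret: the nonce issued by one instance is rejected by the next, and the browser is challenged again.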