1
votes

I am trying to develop a custom REST API in MarkLogic and want to use the Postman (Chrome plugin) REST client to do some testing.

I have set up Postman to make a GET call to an existing REST endpoint of MarkLogic. It seems I can't get the digest auth to work when running from Postman...?

Postman call exported as curl:

curl -X GET -H 'Authorization: Digest username="admin", realm="", nonce="", uri="/users", response="71ecc7a954d031fa5eb02a45f258f37d", opaque=""' -H "Cache-Control: no-cache" -H "Postman-Token: 745c4f5f-34d5-075c-6011-ef54e88588fd" 'http://cluey-app-ml1:8050/users'

If I do the same curl command directly from the terminal, but without the postman specific stuff, that works:

curl -v --digest --user admin:admin -X GET -H 'Content-Type: application/json' 'http://cluey-app-ml1:8050/users'
* Hostname was NOT found in DNS cache
*   Trying 192.168.178.113...
* Connected to cluey-app-ml1 (192.168.178.113) port 8050 (#0)
* Server auth using Digest with user 'admin'
> GET /users HTTP/1.1
> User-Agent: curl/7.35.0
> Host: cluey-app-ml1:8050
> Accept: */*
> Content-Type: application/json
> 
< HTTP/1.1 401 Unauthorized
* Server MarkLogic is not blacklisted
< Server: MarkLogic
< WWW-Authenticate: Digest realm="public", qop="auth", nonce="c2e2f63fa5f8674884388a22f6dc6bec", opaque="8ed963a93f01cd6d"
< Content-Type: text/html; charset=utf-8
< Content-Length: 209
< Connection: Keep-Alive
< Keep-Alive: timeout=5
< 
* Ignoring the response-body
* Connection #0 to host cluey-app-ml1 left intact
* Issue another request to this URL: 'http://cluey-app-ml1:8050/users'
* Found bundle for host cluey-app-ml1: 0x1ee5990
* Re-using existing connection! (#0) with host cluey-app-ml1
* Connected to cluey-app-ml1 (192.168.178.113) port 8050 (#0)
* Server auth using Digest with user 'admin'
> GET /users HTTP/1.1
> Authorization: Digest username="admin", realm="public", nonce="c2e2f63fa5f8674884388a22f6dc6bec", uri="/users", cnonce="OWZkYzE5OTI2OWJmYmVjZDAwMGI5ZWUzMDAwMTcxNTg=", nc=00000001, qop=auth, response="d88c8094402c2b2225eb11ba0d0ece88", opaque="8ed963a93f01cd6d"
> User-Agent: curl/7.35.0
> Host: cluey-app-ml1:8050
> Accept: */*
> Content-Type: application/json
> 
< HTTP/1.1 200 OK
* Server MarkLogic is not blacklisted
< Server: MarkLogic
< Content-Type: application/json; charset=UTF-8
< Content-Length: 512
< Connection: Keep-Alive
< Keep-Alive: timeout=5
< 
* Connection #0 to host cluey-app-ml1 left intact
[{"user":{"id":"952187958352252312", "name":"hugo5", "description":"sccss generated user"}}, {"user":{"id":"1585487239190988150", "name":"jimmy", "description":""}}, {"user":{"id":"7026453114226409808", "name":"joe", "description":""}}, {"user":{"id":"952187958274822997", "name":"hugo4", "description":"sccss generated user"}}, {"user":{"id":"952187958197393682", "name":"hugo3", "description":"sccss generated user"}}, {"user":{"id":"952187958119964367", "name":"hugo2", "description":"sccss generated user"}}]

UPDATE [2] What seems strange is that from the terminal it seems that curl first also fails with a 401 but tries again and then succeeds???

So digest works from the terminal, now I need to find the exact settings for Postman to match... when selecting digest auth in Postman I get a ton of options...

Connection       Keep-Alive
Content-Length   209
Content-Type     text/html; charset=utf-8
Keep-Alive       timeout=5
Server           MarkLogic
WWW-Authenticate Digest realm="public", qop="auth", nonce="c33989a614d57699abb0d0bf6d6ca56d", opaque="8b7438e3f6432e3e"

Questions:
1) Can anyone confirm they have successfully used Postman against a MarkLogic 8 app server running digest authentication and succeeded?
2) Can anyone point me to the right parameters to be set in Postman for a successful call to MarkLogic?

hugo

2
Hugo, see some other comments below Geert's post. But also please keep in mind when testing that if you try digest, then basic, then digest again, the step from basic to digest may have invalidated the passwords. The link in your post above explains it under the digest section. This does not sound like root cause for you - but I just thought I would mention it as it can confuse the situation even more. - David Ennis
Facing a similar issue. It seems that your app/server has HTTP Digest Auth implemented correctly (based on your curl logs). Usually HTTP clients will automatically do authentication if credentials are provided, or give you a popup in the case of browsers. The authentication process may require multiple HTTP requests, which are seamlessly made by most clients (this is apparent in your logs as well: in the first request the server challenged back with 401 and curl made the second request automatically as it already had creds). The problem is with Postman: unlike most clients, it's not making that second request. - Raja Ehtesham

2 Answers

2
votes

Basic authentication is not enabled by default on MarkLogic HTTP app servers. Switch it from digest to digestbasic or basic.

HTH!

1
votes

In addition to Geert's reply, you may find this article from Gary Russo interesting. Section 7 even shows how to use the header value if you want app-level security.