Can J2ME use Digest-MD5 Authentication?

We are writing a Java application with J2ME for cellphones which will use Microsoft MapPoint.net services that requires Digest-MD5 Authentication. Can J2ME use Digest-MD5 Authentication?

Well, you can either implement it yourself or take a look at :
http://java.sun.com/products/jce/
You will probably not want the whole package, but I think you can have access to the sources, so... :-)
Anthony

Similar Messages

  • AD authentication using DIGEST-MD5: users have to reset password?

    We are using DIGEST-MD5 to authenticate users against Active Directory. Our application ask users for user name and password and pass them to the attached java code. The strange thing is that it works for about 98% of users and it won't work for 2% of users. For those 2% of users, they can login into our domain but the same password won't work for our application.
    We have found the workaround will be to ask those users to change their Windows password and after that they will be able to login.
    My question is why= changing a user's password will make a difference for those 2% users? I am really puzzled.
    Thanks!
    try {
    Hashtable authEnv = new Hashtable();
    //set security credentials, note using DIGEST-MD5
    //Requires user account to be stored with reversible encryption
    authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    authEnv.put(Context.PROVIDER_URL, ldapURL);
    authEnv.put(Context.REFERRAL,"follow"); // required
    authEnv.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
    authEnv.put(Context.SECURITY_PRINCIPAL, creds.getUsername());
    authEnv.put(Context.SECURITY_CREDENTIALS, creds.getPassword());
    DirContext ctx1 = new InitialLdapContext(authEnv,null);
    } catch (Exception ex) {
    logger.info("Error authenticating user " + creds.getUsername(), ex);
    throw new AuthenticationException("Authentication Failed for user " + creds.getUsername());
    }

    Make sure which version of AD you are using: AD 2000 or AD 2003. For AD 2000, reversible encryption is required and it's not secure. That's why lots administrators do not like it. But for AD 2003, there is no need for password to be stored in reversible way. But there is limitation as to the client application. What works for AD 2000 may not work for AD 2003. For details, you can check the link below:
    http://www.forumeasy.com/forums/thread.jsp?tid=115170863235&fid=ldapprof5&highlight=Why+DIGEST-MD5+Authentication+Does+Work
    which summarized all working and not-working cases of Digest-Md5 authentication for SunOne, AD 2000 and AD 2003. It's quite informative.

  • Are there any known issues concerning using DIGEST-MD5 SASL authentication with iPlanet Directory Server 5.0 on Windows NT 4.0?

    I am developing support for the DIGEST-MD5 sasl mechnism on a c-ldap client. I am using the evaluation version of the iPlanet Directory Server 5.0 which lists DIGEST-MD5 as a supported SASL mechanism. The server is running on NT 4.0 After installing the Directory Server with the test database, a changed the passwordStorageScheme from the default of SSHA to clear text. I then added my test user. When I run my test I always get back a resultCode of 49 (invalidCredentials). The digest-challenge I receive from the server and my digest-response are shown below. I have satisfied myself that the calculation of the response directive in the digest response is correct. Does anyone see any problems in the digest response or have any other suggestions? Is there a known problem with the iPlanet Directory Server 5.0?
    digest-challenge:
    realm="BGB2.ndp.provo.novell.com",nonce="Ed8UPLXsWaC6CN",qop="auth",algorithm=md5-sess,charset=utf-8
    digest-response:
    username="uid=bgbrown,ou=people,dc=siroe,dc=com",realm="BGB2.ndp.provo.novell.com",cnonce="A9IuPJKr30RiwL",nc=00000001,qop=auth,digest-uri="ldap/BGB2.ndp.provo.novell.com",response=97061205298e5ebaf206c8ac3598fdce,charset=utf-8,nonce="Ed8UPLXsWaC6CN"

    Found the answer. When the username is an LDAP DN it needs to be proceeded by "dn:".
    example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
    The server also accepts a simple uid value.
    example: username="bgbrown"

  • Can you use Multi Factor Authentication server with Central NPS and RD Gateway?

    Hi,
    Does anyone have any experience getting the Azure Multi-Factor Authentication (MFA) on-premise server, working with a Remote Desktop Gateway server, and a centralised NPS server?  I can get a solution whereby a user can get the second token (phone call/sms
    etc.) but the connection never gets established.  It looks like its looping as it repeats the phone call/text for a second time but again no connection.  I can’t figure out why.
    All the blogs are very vague as to whether you can combine a new MFA NPS connection policy with an existing username/group membership NPS policy on a centralised NPS server (with RAP/CAP policies).
    I need to understand whether we can combine both an MFA Radius policy with a Username/Password plus group membership NPS policy together to achieve two factor authentication.
    Do you have the Remote Desktop Gateway Server connect to the Central NPS server and then the NPS server use the MFA server as its proxy server? In effect turning the NPS server into a proxy Radius server?  
    Or do you configure the Remote Desktop Gateway server to use the MFA server as the proxy Radius server, and configure the MFA server to send on Radius requests to the central NPS server?
    Or either of these scenarios not supported and you can only use the MFA server as the only Radius server in the auth. process? (bypassing NPS policies?)
    Thanks if someone can assist,
    I’ve been using these blogs but to no successful effect:
    http://technet.microsoft.com/en-us/library/dn394287.aspx
    http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/
    http://dave.harris.uno/installing-and-configuring-azure-multi-factor-authentication-mfa/

    Hi Michael,
    Thank you for posting in Windows Server Forum.
    After going through your description, I can say that we can use MFA server with central NPS and RD Gateway. Also the link which you have provided points the step to apply. In addition you can refer below article.
    Configure Remote Desktop Gateway to use Multi-Factor AuthenticationConfigure Remote Desktop Gateway to use Multi-Factor Authentication 
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Can I use NT domain authentication through JAVA?

    I have an web application.To use it I am asking the
    user for username and password....I match these with
    the username and password with strings written in a file.
    Now the requirement is the user must be authenticated not
    in this manner. Any user who is a valid user in an NT domain can access the subsequent pages....Is it possible??? plz reply soon

    Hi,
    I don't know if it's possible with Windows NT4.
    However, if you are using Windows 2000, then you can use JNDI for accessing the Active Directory.
    HTH,
    Frank

  • SASL DIGEST-MD5

    Did anybody have any problem with using DIGEST-MD5 with iPlanet running on a 2000 Advanced Server?
    I have no problem when iPlanet is running on 2000 Professional but always get the error 49 with message: "Internal authentication error." when trying to authenticate the user through SASL DIGEST-MD5. Simple authentication with the same credentials work fine.
    Looking at the LDAP packets I can see no differences, that makes me think that this is somehow related to the OS or iPlanet configuration.
    In both cases it was the same version iPlanet Server 5.1SP2 with default settings.
    BTW: It fails the same way with NT4SP6 Server.

    Michael,
    Sun ONE Directory Server 5.2 is not supported on Windows 2000 Professional. It is only supported on server versions of Windows 2000 (Server and Advanced Server).
    You should not have any problems running Directory Server on Windows 2000 Professional, though, but you should always keep in mind that the product has not been tested and is not supported on this platform.
    Bertold

  • AuthenticationException  in  DIGEST-MD5 in LDAP

    hi,
    when iam trying to use DIGEST-MD5 as Context.SECURITY_AUTHENTICATION it showingup the following Exception
    here is my code
    import javax.naming.*;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;
    import java.net.*;
    public class LdapAuth
    public static void main(String[] args)
    // Set up environment for creating initial context
    Hashtable authEnv = new Hashtable(11);
    String userName = "sm0013391";
    String passWord = "East321";
    String base = "ou=people,dc=company,dc=com";
    String dn = "sAMAccountName=" + userName + "," + base;
    authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    authEnv.put(Context.PROVIDER_URL, "ldap://company.com");
    authEnv.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 ");
    authEnv.put(Context.SECURITY_PRINCIPAL, dn);
    authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
    try {
    DirContext authContext = new InitialDirContext(authEnv);
    System.out.println("Authentication Success!");
    } catch (AuthenticationException authEx)
    System.out.println("Authentication failed!");
    authEx.printStackTrace();
    catch (NamingException namEx) {
    System.out.println("Something went wrong!");
    namEx.printStackTrace();
    }when i am run this program it shows..
    javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece ]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
    at LdapAuth.main(LdapAuth.java:35)
    plz any one have idea on this..iam using j2sdk1.4.1
    is there any need to include any jar files to j2sdk1.4.1??? to run this
    need help onthis

    Why don't you at least look up RFC 2251 and understand what LDAP Error 49 really means ?
    If you look at the post titled JNDI, Active Directory & Authentication (part 3) (Digest-MD5) available at http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
    you will clearly see that submitting the distinguished name as the user's credential is not supported by Active Directory for Digest-MD5 authentication.

  • Can I use ISE IPN without posture for VPN with Base license only?

    I'm looking at ISE licensing, and both Base and Advanced licenses have VPN listed. I could not find any document that provides guideline for VPN implementation using ISE Base license only.
    1. Can I use ISE IPN (Inline Posture Node) functionality without posture assessment with ISE Base license only? (I know it has to be ISE hardware appliance, and I know that Posture assessment requires ISE Advanced license.)
    2. Do I have to use IPN for VPN deployment using ISE as the Radius server?
    3. If I do not have to use IPN for VPN, can I use ISE for Authentication and Authorization in the same way as I use ACS?
    Thanks,
    Val Rodionov

    Val,
    There is no need to consider IPN if you are not using posturing. You can use ISE much like ACS for radius authentication for vpn users.
    If posturing is down the road and your hope is to have an architecture in place and license later, then I am sure that you can use the ipn with base licensing, however I would strongle recommend working with the PDI (for partners) for help and confirmation.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • DOES WORKFLOW 2.6 INTEGRATE WITH OID & CAN IT USE DIGITAL SIGNATURES?

    We are currently implementing a standalone version of workflow 2.6 and would like to use digital signing along with it. Can it use OID for authentication and subsequently make use of signatures stored there?

    Hello Pranav:
    If your user infirmation is stored into 8i database tables you should be able to configure the Directory Integration tools built into OID 2.1.1.1 to migrate these users to OID. To get yourself up to OID 2.1.1.1 you must fisrt be at 2.1.1 which is bundled with Oracle 8.1.7 EE. Take a look at the Admin guide for 2.1.1.1. It has information about how to configure this.
    Thanks,
    Jay
    null

  • Using tls:sasl/DIGEST-MD5 with client authentication

    Hi
    Have installed a certificate on the server and enabled it. Using Netscape i got the cert7.db and key3.db
    These work with ldapsearch with -Z -p options to get data securely through port 636.
    But when i copy db file to /var/ldap on the Solaris 8 client, and use a profile with tls:sasl/DIGEST-MD5 or tls:simple
    i get :
    Mesg: Session error , no avalible connection. And openConnection: sasl/DIGEST-MD5 (or simple) bind failed - Invalid credentials.
    Must i use Certificate based Authentication instead?
    Like the proxyagent must have a certificate installed. Or is there something that must be done to the cert7.db and key3.db files i got from Netscape?

    Im trying to get sasl/DIGEST-MD5 to work with Solaris 9 client. This command work:
    ldapsearch -D "" -w test1234 -o mech=DIGEST-MD5 -o authid="dn:cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" -o authzid="dn:cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" -b "dc=net2,dc=kongsberg,dc=com" "(objectclass=*)"
    Client configured with this:
    ldapclient -v init -a profileName=default -a domainName=net2.kongsberg.com -a proxyDN="cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" -a proxyPassword=test1234 172.18.2.19
    Profile:
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com
    NS_LDAP_BINDPASSWD= {NS1}4a3788e8c053424f
    NS_LDAP_SERVERS= 172.18.2.19
    NS_LDAP_SEARCH_BASEDN= dc=net2,dc=kongsberg,dc=com
    NS_LDAP_AUTH= sasl/DIGEST-MD5
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 30
    NS_LDAP_PROFILE= default
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_BIND_TIME= 10
    messages log on client:
    Jan 14 08:00:32 panzer ldap_cachemgr[904]: [ID 293258 daemon.error] libsldap: Status: 49 Mesg: openConnection: sasl/DIGEST-MD5 bind failed - Invalid credentials
    Jan 14 08:00:32 panzer last message repeated 1 time
    Jan 14 08:00:32 panzer ldap_cachemgr[904]: [ID 293258 daemon.error] libsldap: Status: 7 Mesg: Session error no available conn.
    error log on server:
    [14/Jan/2004:08:06:47 +0100] conn=1622 op=2 msgId=-1 - closing - U1
    [14/Jan/2004:08:06:47 +0100] conn=1623 op=-1 msgId=-1 - fd=47 slot=47 LDAP connection from 172.18.2.41 to 172.18.2.19
    [14/Jan/2004:08:06:47 +0100] conn=1622 op=-1 msgId=-1 - closed.
    [14/Jan/2004:08:06:47 +0100] conn=1623 op=0 msgId=1 - BIND dn="dn: cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" method=sasl version=3 mech=DIGEST-MD5
    [14/Jan/2004:08:06:47 +0100] conn=1623 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
    [14/Jan/2004:08:06:47 +0100] conn=1623 op=1 msgId=2 - BIND dn="dn: cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" method=sasl version=3 mech=DIGEST-MD5
    [14/Jan/2004:08:06:47 +0100] conn=1623 op=1 msgId=2 - RESULT err=49 tag=97 nentries=0 etime=0
    Not sure why i get Invalid credentials, the passwords
    are stored in CLEAR. And you can see i use the same in ldapsearch and ldapclient.

  • HOWTO Bind using SASL DIGEST-MD5?

    I haven't been able to bind to an LDAP server using SASL DIGEST-MD5
    using the Novell CSharp library. Can anyone explain how this is done,
    or point me to a code example?
    I can connect, bind, and search this LDAP server using Apache Directory
    Studio, so I know that my credentials are correct.
    Also, I have already used the Novell CSharp library for searching other
    LDAP servers using simple authentication, and SSL, but never SASL
    DIGEST-MD5.
    Thanks in advance for any help.
    danielnapierski
    danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
    View this thread: http://forums.novell.com/showthread.php?t=414964

    More than fifty people have read this post, but there are no replies as
    of yet. I'm going to interpret that as "SASL DIGEST-MD5 is not
    supported by the Novell CSharp library."
    danielnapierski;1995522 Wrote:
    > I haven't been able to bind to an LDAP server using SASL DIGEST-MD5
    > using the Novell CSharp library. Can anyone explain how this is done,
    > or point me to a code example?
    >
    > I can connect, bind, and search this LDAP server using Apache Directory
    > Studio, so I know that my credentials are correct.
    >
    > Also, I have already used the Novell CSharp library for searching other
    > LDAP servers using simple authentication, and SSL, but never SASL
    > DIGEST-MD5.
    >
    > Thanks in advance for any help.
    danielnapierski
    danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
    View this thread: http://forums.novell.com/showthread.php?t=414964

  • SASL's DIGEST-MD5 is causing the smtp authentication failure

    Hello,
    I've asked this question in JavaMail forums [at this link|http://kenai.com/projects/javamail/forums/forum/topics/2944-DIGEST-MD5-sasl-authentication-failing-after-verifying-rspauth] and was forwarded here.
    Basically, I'm trying to authenticate to the email server using JavaMail(latest source) via sasl's Digest-MD5.
    Problem: Looks like sasl's DigestMD5 implementation (com.sun.security.sasl.digest.DigestMD5Client) is returning a null after a successful authentication in evaluateChallenge(). The SMTPTransport thinks this is wrong and sends a "*" to server and the server responds with "Authentication aborted".
    The java doc for SaslClient's evaluateChallenge() says this..
    Returns: The possibly null reponse to send to the server. It is null if the challenge accompanied a "SUCCESS" status and the challenge only contains data for the client to update its state and no response needs to be sent to the server. The response is a zero-length byte array if the client is to send a response with no data.
    In this case, client do need to send a response with no data. I don't know if Digest-md5 implementation is generic and if it's behavior is correct.
    I appreciate any suggestions to solve this problem.
    Thanks

    Not an expert. Maybe you can read or debug into the exact place when the names are compared. Anyway, Java is open sourced now.

  • Reuse the LDAP connection when Using SASL DIGEST-MD5

    I have problem to use the same ldap connection for multiple SASL authenticaiton.
    step1, LDAPConection conn=new LDAPCo...
    conn.conect()..
    step2, do a SASL DIGEST-MD5, successfully get a challenge from server and server confirmation after the response is correct.
    step3, I want to use the same connection for another authetincation of different user, some how the server did not give back the challenge and reject the authenticaiton request again.
    So my question is how can we reuse the same connection for SASL authentication?
    Any switch or reset on the LDAP connection or the LDAP server has to be configured in some way to take multiple authentication using the same connection?

    More than fifty people have read this post, but there are no replies as
    of yet. I'm going to interpret that as "SASL DIGEST-MD5 is not
    supported by the Novell CSharp library."
    danielnapierski;1995522 Wrote:
    > I haven't been able to bind to an LDAP server using SASL DIGEST-MD5
    > using the Novell CSharp library. Can anyone explain how this is done,
    > or point me to a code example?
    >
    > I can connect, bind, and search this LDAP server using Apache Directory
    > Studio, so I know that my credentials are correct.
    >
    > Also, I have already used the Novell CSharp library for searching other
    > LDAP servers using simple authentication, and SSL, but never SASL
    > DIGEST-MD5.
    >
    > Thanks in advance for any help.
    danielnapierski
    danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
    View this thread: http://forums.novell.com/showthread.php?t=414964

  • What property is used to disable SASL's DIGEST-MD5 domain name check.

    I've read somewhere that I can prevent SASL's DIGEST-MD5 (maybe other mechanisms?) from checking that the hostname specified by the client exactly matches the hostname on the server. Apparently this option is useful in networks where DNS is not set up full and/or correctly.
    Thanks,
    Rowland

    Not an expert. Maybe you can read or debug into the exact place when the names are compared. Anyway, Java is open sourced now.

  • AuthenticationNotSupportedException :SASL support not available DIGEST-MD5 while using JNDI, SASL

    I am using JNDI to use the SASL mechanism to authenticate to the Iplanet Directory server 5.0, and get the above error.
    I have enabled clear text passwords, and then created a test user.Here is the code snippet
         envEnterprise.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
              envEnterprise.put(Context.SECURITY_PRINCIPAL,"test");
              envEnterprise.put(Context.SECURITY_CREDENTIALS,"changed");
    Can you please help me with where it is that I need to make the appropriate changes to get this working
    Thanks,
    sriad

    Sriad,
    I think that the SECURITY_PRINCIPAL field requires a DN and not just a user name. If you created the user using the directory server console, then you can get the DN if you open double-click on the user entry and click on the Advanced... button. The user's DN will probably start with uid=test,dc=...
    I hope this helps.
    Bertold

Maybe you are looking for

  • Blackberry 10.2 no default applications!

    Hello! I have BB z10 stl100-1. I downloaded autoloader from official site https://developer.blackberry.com/devzone/blackberry10devalpha/devalpha_update.html and updated my OS. Now I haven't a lot of applications: music, video, picture, calc, docs, fi

  • Trying to install 2 - Aironet 1300 Bridges... major problems

    I set up both ends of this bridge (about 1 mile apart) and I get an association, so I think I'm golden... well, I haven't been able to get the web gui ping/link test to work at all across them, so I upgraded to the 12.4 IOS on the main site, then wen

  • Photoshop Elements 9 / Premier Elements 9 - disc trouble

    Photoshop elements 9 / premier elem ents 9 disc stuck in drive - cannot load disc 2 is anyone else experiencing this?

  • Confusing problem with changing volume in alsa

    hello, i searched the forum and google, but didn't find anyone that has the same problem as me. My sound generelly works, BUT the most time i can't change the volume because there is no PCM in amixer / alsamixer / gnome volume control. But after a wh

  • What can replace distiller 6.0

    We are currently using Acrobat Distiller 6.0 to convert ps files to PDF on Windows server 2003. We are swithing to windows server 2008. What can we replace the 6.0 distiller.that will give us the same functionality.