Digest authentication in Katalon Studio
Requirements
Katalon Studio version 9.7.0 onwards.
What is Digest authentication?
Digest authentication is an HTTP-based authentication protocol that enhances security by using MD5 cryptographic hashing and a nonce value to prevent replay attacks. Unlike Basic authentication, it transmits a hash of the username and password, ensuring that these credentials are not sent in plaintext over the network. While it secures the authentication credentials, the actual body of the HTTP message remains unencrypted unless Secure Sockets Layer (SSL) is used.
Supported fields in Katalon Studio
| Name | Description |
|---|---|
| Username | The username of the account used to authenticate. |
| Password | The password of the account used to authenticate. |
| Realm | A string specified by the server in the WWW-Authenticate response header. It should include the name of the host performing the authentication and may also indicate the group of users who might have access. |
| Nonce | A unique string specified by the server in the WWW-Authenticate response header to prevent replay attacks. |
| Algorithm | A string that indicates a pair of algorithms used to produce the digest and a checksum. Value list:
|
| qop | The "quality of protection" applied to qop the message. The server specifies this value in the WWW-Authenticate response header.Value list:
|
| Nonce Count | The hexadecimal count of the number of requests (including the current request) that the client has sent with the nonce value. This must be specified if a qop directive is sent, and must not be specified if the server did not send a qop directive in the |
| Client Nonce | An opaque quoted string provided by the client and used by both the client and server to prevent chosen plaintext attacks, ensure mutual authentication, and maintain message integrity. This must be specified if a qop directive is sent, and must not be specified if the server did not send a qop directive in the |
| Opaque | A string of data specified by the server in the WWW-Authenticate response header, intended to be used unchanged across URIs within the same protection space. It is recommended that this string be in base64 or hexadecimal data. |
Use Digest authentication in Katalon Studio
- In the Authorization tab of a web service request, set the Type as Digest.
- Choose how to handle the authentication process:
Retry request automatically
Katalon Studio will handle the digest authentication process automatically. It extracts necessary values from the first response and uses them for the second request.
Retry request manually
If you choose to handle the authentication manually, the Advanced Configuration section will appear. You need to manually send the first request, then use the information from the response to fill in the Advanced Configuration fields before sending the second request.
