Enabling Digest Authentication
-----------------------------------
Affected Roles: Administrator, Power Users
Related Digital Watchdog VMS Apps: DW Spectrum Professional
Software Version: DW Spectrum v6.1
Last Edit: January 27, 2025
-----------------------------------
Security Authentication
Upon the release of DW Spectrum Professional v5.0 (June 2022), the default authentication method for user connection to the Server was upgraded from using “Digest Authentication” to using “Bearer Authentication”. Bearer Authentication is now the default setting and is recommended instead of using the deprecated Digest Authentication method.
Some applications, such as some embedded video players, may not be capable of supporting Bearer Authentication.
This article will outline where to re-enable the Digest Authentication feature for a DW Spectrum user profile.
**NOTE: When using Digest Authentication for 3rd party applications, it is mandatory to use lowercase credentials with no special characters. Custom authentication settings are only available for Local User profiles.
**NOTE: The option for Digest Authentication is only available for local user profiles.
IMPORTANT: While Digest Authentication may still work with DW Spectrum Professional, it is no longer a recommended form of cybersecurity and is not guaranteed to function in future versions. For more information, you can refer to the article DW Spectrum – Phasing Out Digest Authentication.
Bearer (Token) Authentication vs Digest Authentication
Before you decide to switch from using the default Bearer Authentication to using Digest Authentication, here are their primary differences:
- Bearer Authentication – [default setting] an authentication scheme that uses security tokens, also known as “bearer tokens”, to identify and authorize HTTP communication between devices. The “token” comes in the form of an encrypted string that is generated by the DW Spectrum Server upon receiving an authentication/login request.
- Digest Authentication – [former/old setting] an authentication scheme that uses MD5 hashing to ensure that usernames, passwords, HTTP connections, and URL requests are not sent to the DW Spectrum Server in plaintext. Digest Authentication is a more complex form of authentication because, for every API call/request, the connecting Client must make a new MD5 hash of the username, realm, and password each time.
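Added example (not DW Spectrum code and not part of the original article): how an HTTP Digest response is derived per RFC 2617 with qop=auth, using that RFC's published sample values rather than any DW Spectrum credentials. It also shows that the MD5 of username:realm:password alone is enough to answer any later challenge, a known weakness of Digest Authentication.

```python
import hashlib

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def compute_ha1(username, realm, password):
    # The only step that uses the password. A server must keep this value
    # (or the password itself) to be able to verify responses.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # Recomputed for every request: binds HA1 to the method, URI and nonces.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def authorization_header(username, realm, password, method, uri, nonce, nc, cnonce):
    ha1 = compute_ha1(username, realm, password)
    response = digest_response(ha1, method, uri, nonce, nc, cnonce)
    # The username is sent as-is; only the password is hidden behind the hash.
    return (f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", '
            f'response="{response}"')

# Sample values published in RFC 2617 section 3.5 (not DW Spectrum credentials).
SAMPLE = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "password": "Circle Of Life", "method": "GET", "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b",
}

def ha1_is_password_equivalent(new_nonce):
    # Holding only HA1 (no password), compute the response to a fresh challenge
    # and compare it with what a client that knows the password would send.
    ha1 = compute_ha1(SAMPLE["username"], SAMPLE["realm"], SAMPLE["password"])
    from_ha1 = digest_response(ha1, SAMPLE["method"], SAMPLE["uri"],
                               new_nonce, SAMPLE["nc"], SAMPLE["cnonce"])
    header = authorization_header(**dict(SAMPLE, nonce=new_nonce))
    return f'response="{from_ha1}"' in header

if __name__ == "__main__":
    print(authorization_header(**SAMPLE))
    # "constructed-nonce-0001" is a made-up challenge value for illustration.
    print("HA1 alone answers a new challenge:",
          ha1_is_password_equivalent("constructed-nonce-0001"))
```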
Changes with Version 6.1
Standard Security Level
- In version 6.1, Digest Authentication is still available if your system is set to the “Standard” security level for local user accounts.
- Security configuration is performed during the initial system configuration process, when the DW Spectrum System is initially created, in Advanced System Settings > Security Level.
- In version 6.1, Digest Authentication is removed if your system is set to the Standard security level for Cloud User accounts.
- Local User accounts can still be created with Digest Authentication, both in upgraded systems and in new installations.
- If you create a user profile with Digest Authentication in version 6.1, you will see a warning (like version 6.0) stating that Digest Authentication will be disabled in the next major version.
High Security Level
- In version 6.1, Digest Authentication is disabled if your system is set to the Standard security level for local user accounts.
- In version 6.1, Digest Authentication is removed if your system is set to the Standard security level for cloud user accounts.
- Existing users configured with Digest Authentication will no longer be able to log in or authenticate API requests.
Using Digest Authentication
Local User Settings
The following authentication methods are determined by the Administrator for each user when creating their local user profile/account on the DW Spectrum Server.
Use the following steps to enable Digest Authentication for a user:
- Log in to the DW Spectrum Site as the Administrator user or with a Power User role using the DW Spectrum Client.
- Open the User Management menu.
- The User Settings window will open.
- If you are configuring an existing user profile, select and edit the existing user profile.
- If you are creating a new user profile, click the Add User button and select “Local” as the User Type. Complete the User Information form for the new user before proceeding.
- Select the Local user tab and enable the checkbox for “Allow insecure (digest) authentication”.
- A notification banner will then display disclosing that Digest Authentication is deprecated.
- A password reset will be required:
- Password – create a new password for the Local User. When using Digest Authentication for 3rd party applications, it is mandatory to use lowercase credentials with no special characters.
- Confirm Password – re-enter the new password for the Local User.
- Click the Add User button or Apply button (relevant to your case) to save the changes, then click on OK to close the User Settings window.
- Repeat these steps as needed for each individual user profile that needs to change to using Digest Authentication.
- When viewing the User Management menu, you can filter between “All Users” and “Users with Digest Authentication” using the dropdown menu at the top of the users list.
API and HTTP Functionality
To allow API and HTTP functions to work on DW Spectrum Version 6.1:
- Use a web browser to access the server’s web GUI and log in as the “admin” user.
https://<Server IP>:7001/#/settings/advanced
Example: https://127.0.0.1:7001/#/settings/advanced
- Open the Settings menu and view the General tab.
- Press the CTRL+F keys to open the browser search function, and search for “deprecated”.
- Enable the desired API and/or HTTP functions for the Server.
- Save the changes before exiting.