Enabling Digest Authentication
-----------------------------------
Affected Roles: Administrator, Owner
Related Digital Watchdog VMS Apps: DW Spectrum IPVMS
Complexity: Medium
Software Version: DW Spectrum v5.0
Last Edit: August 20, 2024
-----------------------------------
Security Authentication
With the release of DW Spectrum IPVMS v5.0, the default authentication method for user connection to the Server was upgraded from using “Digest Authentication” to using “Bearer Authentication”. While Bearer Authentication is the recommended setting, some applications may not be capable of supporting it, such as with some embedded video players.
This article will outline where to re-enable the Digest Authentication feature for a DW Spectrum user profile.
**NOTE: When using Digest Authentication for 3rd party applications, it is mandatory to use lowercase credentials with no special characters. Custom authentication settings are only available for Local User profiles.
**NOTE: The option for Digest Authentication is only available for DW Spectrum IPVMS Version 5.0.
Bearer (Token) Authentication vs Digest Authentication
Before you decide to switch from using the default Bearer Authentication to using Digest Authentication, here are their primary differences:
- Bearer Authentication – [default setting] an authentication scheme that uses security tokens, also known as “bearer tokens”, to identify and authorize HTTP communication between devices. The “token” comes in the form of an encrypted string that is generated by the DW Spectrum Server upon receiving an authentication/login request.
- Digest Authentication – [former/old setting] an authentication scheme that uses MD5 hashing to ensure that usernames, passwords, HTTP connections, and URL requests are not sent to the DW Spectrum Server in plaintext. Digest Authentication is a more complex form of authentication because, for every API call/request, the connecting Client must make a new MD5 hash of the username, realm, and password each time.
Using Digest Authentication
The above authentication methods are determined by the administrator for each user when creating their local user profile/account on the DW Spectrum Server.
Use the following steps to enable Digest Authentication for a user:
- Log in to the DW Spectrum Server as the Owner or as an Administrator user with the DW Spectrum Client.
- Open the Users menu.
- If you are editing an existing user profile, click on the existing user profile.
- If you are creating a new user profile, click the New User button and select “Local” as the User Type. Complete the User Information form for the new user before proceeding.
**NOTE: For instructions on adding a new user, you may refer to the article - Adding New Users and Assigning Roles.
- The User Settings window will open.
At the bottom of the User Information, click on the three vertical dots (collapsible toggle) and select “Allow digest authentication for this user”.
- A red band will then display disclosing that the user can now use Digest Authentication.
A password reset will be required.
- Password – create a new password for the Local User. When using Digest Authentication for 3rd party applications, it is mandatory to use lowercase credentials with no special characters.
- Confirm Password – re-enter the new password for the Local User.
Click the Apply button to save the changes, then click on OK to close the User Settings window.
Repeat these steps as needed for each individual user profile that needs to change to using Digest Authentication.
**NOTE: Users that are connected with the changed user account will be disconnected and reconnected.
For More Information or Technical Support
DW Technical Support: 866.446.3595
https://www.digital-watchdog.com/contact-tech-support/
______________________________________________________________________________
DW Sales: 866.446.3595 [email protected] www.digital-watchdog.com