OpenEdge 11.7 PASOE runs with Tomcat 8.5, which works differently from Tomcat 7 used by OpenEdge 11.6 PASOE run upon Tomcat 7.
To enabled digested password in 11.6 refer instead to Article:
To enabled a digested password in 11.7 PASOE1. Edit
<catalina_base>/conf/server.xml1.1 Turn off default
userdatabaseExample:
<!-- feature:begin:UserDatabase:off
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
feature:end:UserDatabase:off -->
1.2 Add new
userdatabase:
Example:
- Here pbkdf2 is FIPS compliant and also the strongest Tomcat can support for now (8/21/2018).
- The more iterations defined the slower it will be to calculate the password.
<!-- feature:begin:UserDatabase-pbkdf2:on -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" >
<CredentialHandler className="org.apache.catalina.realm.SecretKeyCredentialHandler"
algorithm="PBKDF2WithHmacSHA512"
iterations="10000"
saltLength="16"
keyLength="256" />
</Realm>
<!-- feature:end:UserDatabase-pbkdf2:on -->
1.3 Generate the digested password.
Example:
- The parameters used in generating the password need to be exactly the same in server.xml
- In example above "password" is the example plain-text password.
$DLC/servers/pasoe/bin/digest.sh -a PBKDF2WithHmacSHA512 -i 10000 -s 16 -k 256 -h "org.apache.catalina.realm.SecretKeyCredentialHandler" password
2. Edit
<catalina_base>/conf/tomcat-user.xml2.1 Enable new digested password
Example:
<!-- start_dev_accounts -->
<user username="tomcat" password="06b3cdec865badb773079ad2d57cffb3$10000$ed609fafbf57e1bd89d135a795a2c69c93a4389474aba86840fdefb2474bc90f" roles="ROLE_PSCAdmin,ROLE_PSCOper,ROLE_PSCUser" />
