Scram Sha Client Authentication Example

This example provides a simple Java-based ScramSha256 HTTP client for authenticating with a Niagara 4.0 station. HTTP digest requires that the server store passwords in a reversible form. This goes against security best practices for storing credentials and is not supported by the standard Niagara station digest authentication scheme.

The ScramSha256Client provided is a condensed form and is missing a few optimizations that may prove to be beneficial.

The AuthClientExample class contains a reference to an inner class called TrustModifier. This class is for demonstration purposes only and SHOULD NOT be used in production under any circumstance. It may be tempting to say “It’s not that big of a deal!” That would be completely incorrect: using the class completely invalidates the use of TLS, since identity can no longer be trusted (non-repudiation).

The main argument for the example is of the form http[s]://<username>:<password>@<host>[:<port>] [<client_type>]. If the username or password uses any reserved HTML characters, make sure they are URL-encoded.

client_type can be ax, n4, or n4header. The default is n4header, which refers to the header authentication mechanism added in Niagara 4.4. This mechanism is not supported in N4 stations prior to 4.4; the n4 client_type should be used for pre-4.4 stations.

Sample Code

The example code, with supporting Gradle scripts, can be found in the dev/authClientExample folder of the downloaded image.