This error BadValue: SCRAM-SHA-256 authentication is disabled
caused by the Mongo-atlas does NOT support SCRAM-SHA-256
, but does support SCRAM-SHA-1
.
Notably, MongoDB authentication protocols do not use SHA-1 as a raw hash function for passwords or digital signatures, but rather as an HMAC construction in, e.g., SASL SCRAM-SHA-1. While many common uses of SHA-1 have been deprecated or sunset by standards organizations, these do not typically apply to HMAC functions.
Generally speaking, this error happendd on the user mms-automation
or mms-monitoring-agent
. Both of them are used for Atlas internal tasks including monitoring.
The source of this message is that mms-automation user initially attempts authentication using SCRAM-SHA-256 which Atlas doesn’t support, causing the “BadValue: SCRAM-SHA-256 authentication is disabled” message, before falling back to SCRAM-SHA-1.
Note that there is NO detrimental effect to the operation of the database, and this informational message is provided for your own auditing purposes.
If there is connection issue, you could change the authentication mechanism to SCRAM-SHA-1
. In a connection string, specify authMechanism=SCRAM-SHA-1
mongodb://username:password@host:port/database?authMechanism=SCRAM-SHA-1
Source: https://www.mongodb.com/community/forums/t/badvalue-scram-sha-256-authentication-is-disabled/143254/4