My Epson TM-T88V-i receipt printer tries to fetch XML data from a server URL which needs the printer to authenticate via HTTP digest. (this Epson feature is called "Server Direct Print")
From the printer's web console I'm able to send a test request to the server but HTTP digest authentication fails. Same happens if I let the printer try to authenticate at the server.
If I try to access the URL via browser the HTTP digest username+password box appears and if I enter the credentials the XML gets displayed in the browser as expected. This shows, that the HTTP digest mechanism on server side is set up correctly (I'm using the PHP framework Symfony 2.8).
On server side I see following log information:
Step 1
[2016-04-03 16:33:01] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {"exception":"[object] (Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException(code: 0): A Token was not found in the TokenStorage. at /home/.../src/Symfony/Component/Security/Http/Firewall/AccessListener.php:53)"}
Step 2
[2016-04-03 16:33:01] security.DEBUG: Calling Authentication entry point.
Step 3
[2016-04-03 16:33:01] security.DEBUG: Digest Authorization header received from user agent. {"header":"username=\"printer\", realm=\"example\", nonce=\"MTQ1OTk5Mzk4MS40NjQ3OmI0OTVmN2ZkZTlhYmE1NmNjNDIxNmIxMWU0OGVmYjUz\", uri=\"/export\", cnonce=\"MDAxNjM0\", nc=00000001, qop=\"auth\", response=\"c6ad88607624efd17f7de602f6ee9def\""}
Step 4
[2016-04-03 16:33:01] security.DEBUG: Unexpected response from the DigestAuth received; is the header returning a clear text passwords? {"expected":"741bff6abed513b6948c26eae529b6b6","received":"c6ad88607624efd17f7de602f6ee9def"}
Step 5
[2016-04-03 16:33:01] security.INFO: Digest authentication failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Incorrect response at /home/.../src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php:107)"}
The log file tells us what happens server side:
In Step 1+2 the Epson tries to access the server URL which is HTTP digest protected and the server sends a 401 "unauthorized" response with a nonce (we don't see this in this log file)
In Step 3 the Epson sends the HTTP digest client authorization request including all necessary data. The response parameter contains a hash which should be generated out of the other authorization parameters
In Step 4 my symfony 2.8 application says, that the hashed response parameter which was sent by the Epson in step 3 is not the one which was expected by the HTTP digest process.
Step 5 finally shows, that the HTTP digest authentication failed.
As far as I understand, the digest authentication process (as described on wikipedia) is correct, except that the Epson doesn't calculate the correct hash in his authentication request.
Does anyone know why the Epson sends a wrong response parameter or did someone make this scenario work?