BadValue: SCRAM-SHA-256 authentication is disabled

At the access log there are randomly error messages: BadValue: SCRAM-SHA-256 authentication is disabled.
This happens 100% of the time with mms-automation from localhost and occasionally from regular remote client even the connection string is always the same.

SCRAM-SHA is not disabled and this seems like an Atlas bug.

13 Likes

Did you solve this? Have the same problem.

Hi @Danwiu,

SCRAM-SHA is not disabled and this seems like an Atlas bug.

Currently, Atlas does not support SCRAM-SHA-256, but does support SCRAM-SHA-1. Notably, MongoDB authentication protocols do not use SHA-1 as a raw hash function for passwords or digital signatures, but rather as an HMAC construction in, e.g., SASL SCRAM-SHA-1. While many common uses of SHA-1 have been deprecated or sunset by standards organizations, these do not typically apply to HMAC functions.

At the access log there are randomly error messages: BadValue: SCRAM-SHA-256 authentication is disabled.

Just to clarify, is the above message you’re seeing within the Database Access History section?

This happens 100% of the time with mms-automation from localhost

The mms-automation user is used for Atlas internal automation tasks including monitoring. The source of this message is that mms-automation user initially attempts authentication using SCRAM-SHA-256 which Atlas doesn’t support, causing the “BadValue: SCRAM-SHA-256 authentication is disabled” message, before falling back to SCRAM-SHA-1. Note that there is no detrimental effect to the operation of the database, and this informational message is provided for your own auditing purposes.

occasionally from regular remote client even the connection string is always the same.

Other than the mms-automation user, what other application(s) from your environment are causing the same “BadValue: SCRAM-SHA-256 authentication is disabled.” message? Please provide the following details about those application(s):

  • Driver being used to connect to the Atlas cluster
  • Driver version being used
  • MongoDB Version for the Atlas cluster
  • Connection string being used (please redact any sensitive information including credentials before posting here).

Regards,
Jason

1 Like

Hi @Stefan_Verhagen - Welcome to the community :wave:

As noted above in my previous response to Danwiu, Currently, Atlas does not support SCRAM-SHA-256, but does support SCRAM-SHA-1. Hopefully the previous response provides more details you were after.

However, could you clarify what problem you are seeing exactly? Please provide the following so we are able to assist with narrowing down what the particular issue could be:

  • Screenshot of where you are seeing the “problem”
  • If the problem messages you have noted are shown on Atlas or not (or for e.g. in the mongod logs)
  • Driver being used to connect to the MongoDB deployment
  • The Driver version being used
  • The MongoDB version in use

Regards,
Jason

Thank you for your quick response Jason, indeed it is the mms-automation user creating the culprit.

1 Like