Jan Kalina moved JBEAP-14436 to ELY-1547:
-----------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1547 (was: JBEAP-14436)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: HTTP (was: Security)
Affects Version/s: 1.2.4.Final (was: 7.0.0.ER7)
SPNEGO: missing negstat field in the first reply
------------------------------------------------
Key: ELY-1547
URL: https://issues.jboss.org/browse/ELY-1547
Project: WildFly Elytron
Issue Type: Bug
Components: HTTP
Affects Versions: 1.2.4.Final
Reporter: Jan Kalina
Assignee: Jan Kalina
When the client sends an initial SPNEGO token with Kerberos as the preferred mechanism and
includes an invalid Kerberos token, the client expects to see the {{WWW-Authenticate}}
HTTP header with the SPNEGO response {{negTokenResp[ negState = reject ]}}.
As stated in the [SPNEGO specification|https://tools.ietf.org/html/rfc4178#section-4.2.2],
negState is required in the first reply:
{code:borderStyle=dashed}
negState
...
This field is REQUIRED in the first reply from the target, and is
OPTIONAL thereafter. When negState is absent, the actual state
should be inferred from the state of the negotiated mechanism
context.
{code}