[
https://issues.jboss.org/browse/ELY-1373?page=com.atlassian.jira.plugin.s...
]
Jan Kalina commented on ELY-1373:
---------------------------------
[~dlofthouse] by javadoc, isEstablished returns true if "no more tokens are needed
from the peer" (and the negotiating loop should be terminated).
Oracle says true = loop should be terminated, we don't expect more input from the client (but
obtaining srcName will fail).
IBM says false = loop should continue, we expect the client will continue by trying another
ticket maybe?
I think both JDKs' behaviors can be correct and are OK for us.
On reconsideration, the status code 200 is correct for SPNEGO+FORM when an invalid token is
sent and it is not possible to use continuation, as the NONE scope is used.
The status code 401 would be used only when it would be without FORM fallback, and it would
be sent without an authenticate response, as continuation is not possible with the NONE scope.
Elytron behavior is correct - closing.
IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is
returned
-----------------------------------------------------------------------
Key: ELY-1373
URL:
https://issues.jboss.org/browse/ELY-1373
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Mechanisms
Affects Versions: 1.2.0.Beta3
Reporter: Jan Kalina
Assignee: Jan Kalina
Given a SPNEGO + FORM authentication configuration, and running on IBM Java.
When an invalid Kerberos ticket is sent,
Then status code 200 is returned with the HTTP form.
While on Oracle JDK {{gssContext.isEstablished()}} returns true for an invalid client ticket
(negotiate with the wrong domain JBOSS.COM), so the SPNEGO mechanism sends a bare challenge after
failed authorization, on IBM JDK it returns false immediately, so the mechanism fails without
sending a challenge - to be consistent it should be sent in both cases.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)