Darran Lofthouse commented on ELY-1373:
---------------------------------------
GSSContext should not be returning true on isEstablished if the ticket was not valid, that
sounds worrying.
IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned
-----------------------------------------------------------------------
Key: ELY-1373
URL: https://issues.jboss.org/browse/ELY-1373
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Mechanisms
Affects Versions: 1.2.0.Beta3
Reporter: Jan Kalina
Assignee: Jan Kalina
Given SPNEGO + FORM authentication configuration, and running on IBM Java.
When an invalid Kerberos ticket is sent
Then status code 200 is returned with the HTTP form.
While on Oracle JDK {{gssContext.isEstablished()}} returns true for an invalid client
ticket, so the SPNEGO mechanism sends a bare challenge after failed authorization, on IBM JDK it
returns false immediately, so the mechanism fails without sending a challenge - to be consistent,
the challenge should be sent in both cases.