[ https://issues.jboss.org/browse/SECURITY-722?page=com.atlassian.jira.plug... ] flame liu commented on SECURITY-722: ------------------------------------ Hi Darran, If I set ProxyErrorOverride to Off in httpd, and if SPNEGO fails, it turns to the page showing source code. <html> <head> <title>Form Authentication</title> </head> <body> <h1>Form Authentication</h1> <p>If this page is displayed your web broweser is not taking part in the SPNEGO process, a username and password can be entered instead to fall back to username/password authentication.</p> <hr> <p> <form method=post action="j_security_check" > <table> <tr> <td>Username</td><td>-</td> <td><input type="text" name= "j_username" ></td> </tr> <tr> <td>Password</td><td>-</td> <td><input type="password" name= "j_password" ></td> </tr> <tr> <td colspan="2"><input type="submit"></td> </tr> </table> </form> </p> <hr> </body> </html> -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira