[jboss-jira] [JBoss JIRA] (SECURITY-722) SPNEGO-fallback-to-FORM authentication does not work with httpd+JBossEAP6 if SPNEGO not available
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Wed Jan 16 04:12:22 EST 2013
[ https://issues.jboss.org/browse/SECURITY-722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12746082#comment-12746082 ]
Darran Lofthouse commented on SECURITY-722:
-------------------------------------------
I am not really following the description here - if you have configured a proxy server that is sending it's own HTTP 401 responses to the client then yes it would be expected that the JBoss Negotiation fall back to FORM authentication will not be possible.
> SPNEGO-fallback-to-FORM authentication does not work with httpd+JBossEAP6 if SPNEGO not available
> -------------------------------------------------------------------------------------------------
>
> Key: SECURITY-722
> URL: https://issues.jboss.org/browse/SECURITY-722
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_1
> Environment: RHEL6, JBoss EAP 6
> Reporter: flame liu
> Assignee: Darran Lofthouse
>
> I configured SPNEGO in EAP6. It works well both with EAP only and EAP6 + Apache httpd(mod_proxy). Users just run kinit and will be able to be successfully authenticated.
> After that, I added the fallback-to-form files/configurations both in the web app and standalone-full.xml. The fallback-to-form works only if httpd stops. If httpd starts, 401 error will always be thrown out.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list