[jboss-jira] [JBoss JIRA] (SECURITY-722) SPNEGO-fallback-to-FORM authentication does not work with httpd+JBossEAP6 if SPNEGO not available

flame liu (JIRA) jira-events at lists.jboss.org
Thu Jan 17 05:24:22 EST 2013


    [ https://issues.jboss.org/browse/SECURITY-722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12746373#comment-12746373 ] 

flame liu commented on SECURITY-722:
------------------------------------

Hi Darran,

If I set ProxyErrorOverride to Off in httpd, and if SPNEGO fails, it turns to the page showing source code.

<html>
  <head>
    <title>Form Authentication</title>
  </head>
  <body>
    <h1>Form Authentication</h1>

    <p>If this page is displayed your web browser is not taking part in the
       SPNEGO process, a username and password can be entered instead to fall
       back to username/password authentication.</p>
    <hr>
    <p>
    <form method="post" action="j_security_check">
      <table>
        <tr>
          <td>Username</td><td>-</td>
          <td><input type="text" name="j_username"></td>
        </tr>
        <tr>
          <td>Password</td><td>-</td>
          <td><input type="password" name="j_password"></td>
        </tr>
        <tr>
          <td colspan="2"><input type="submit"></td>
        </tr>
      </table>
    </form>
    </p>
    <hr>
  </body>
</html>

> SPNEGO-fallback-to-FORM authentication does not work with httpd+JBossEAP6 if SPNEGO not available
> -------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-722
>                 URL: https://issues.jboss.org/browse/SECURITY-722
>             Project: PicketBox 
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>    Affects Versions: Negotiation_2_2_1
>         Environment: RHEL6, JBoss EAP 6
>            Reporter: flame liu
>            Assignee: Darran Lofthouse
>
> I configured SPNEGO in EAP6. It works well both with EAP only and EAP6 + Apache httpd(mod_proxy). Users just run kinit and will be able to be successfully authenticated.
> After that, I added the fallback-to-form files/configurations both in the web app and standalone-full.xml. The fallback-to-form works only if httpd stops. If httpd starts, 401 error will always be thrown out.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
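To tell the two failure modes in this thread apart (httpd substituting its own error document for the backend's 401, versus the fallback page arriving but being shown as raw markup), here is an added offline check that is not part of the JIRA issue or of PicketBox: it parses a captured HTTP response and reports whether the 401 still carries the Negotiate challenge and the FORM fallback page. The three sample responses are constructed for illustration; the form-field names are the ones from the page posted above.

```python
"""Classify a proxied SPNEGO-with-FORM-fallback 401 response (constructed samples)."""
from email.parser import HeaderParser

# Markers of the JBoss form-login page that the backend returns with its 401.
FORM_MARKERS = ("j_security_check", "j_username", "j_password")


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status_code, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_text = head.partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = HeaderParser().parsestr(header_text)
    return status, headers, body


def diagnose(raw: str) -> dict:
    """Report whether the challenge and the fallback form both survived the proxy."""
    status, headers, body = parse_response(raw)
    challenges = [v.strip() for v in headers.get_all("WWW-Authenticate", [])]
    content_type = headers.get("Content-Type", "").lower()
    return {
        "status": status,
        "negotiate_offered": any(c.lower().startswith("negotiate") for c in challenges),
        "form_present": status == 401 and all(m in body for m in FORM_MARKERS),
        "rendered_as_html": content_type.startswith("text/html"),
    }


# Constructed sample 1: the backend's 401 reaches the browser untouched (fallback works).
INTACT = ("HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
          "Content-Type: text/html;charset=UTF-8\r\n\r\n"
          '<html><body><form method="post" action="j_security_check">'
          '<input name="j_username"><input name="j_password"></form></body></html>')

# Constructed sample 2: httpd replaced the backend body with its own error document
# (the behaviour of ProxyErrorOverride On), so the form never arrives.
OVERRIDDEN = ("HTTP/1.1 401 Unauthorized\r\nContent-Type: text/html\r\n\r\n"
              "<html><head><title>401 Unauthorized</title></head>"
              "<body><h1>Unauthorized</h1></body></html>")

# Constructed sample 3: the form arrives but without a text/html Content-Type,
# so a browser shows the markup as plain text instead of rendering the form.
RAW_SOURCE = INTACT.replace("Content-Type: text/html;charset=UTF-8",
                            "Content-Type: text/plain")

if __name__ == "__main__":
    for name, sample in (("intact", INTACT), ("overridden", OVERRIDDEN),
                         ("raw_source", RAW_SOURCE)):
        print(name, diagnose(sample))
```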