[jboss-jira] [JBoss JIRA] (SECURITY-799) Port the fallback to BASIC auth fix from branch security-negotiation-2.1.x
Rafał Gała (JIRA)
issues at jboss.org
Tue Apr 15 18:28:33 EDT 2014
[ https://issues.jboss.org/browse/SECURITY-799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12962147#comment-12962147 ]
Rafał Gała commented on SECURITY-799:
-------------------------------------
Dual password prompt is probably caused by IE sending NTLM token.
Disabling
response.setHeader("WWW-Authenticate", getNegotiateScheme());
stops IE from sending NTLM token. Authentication works OK in all browsers. Maybe it's not needed?
> Port the fallback to BASIC auth fix from branch security-negotiation-2.1.x
> --------------------------------------------------------------------------
>
> Key: SECURITY-799
> URL: https://issues.jboss.org/browse/SECURITY-799
> Project: PicketBox
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: Negotiation_2_2_8
>
> Attachments: NegotiationAuthenticator.java
>
>
> The following two commits need to be pulled to master before 2.2.8 is tagged.
> https://github.com/wildfly/jboss-negotiation/commit/3a9ca05459edd6e4d3f3761d5ccb80c5be11f964
> https://github.com/wildfly/jboss-negotiation/commit/6edd2b0d30ff578bc3197daa86ee1e3142105f68
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list