[jboss-jira] [JBoss JIRA] (SECURITY-854) Fallback to FORM authentication when an invalid kerberos token is used
Derek Horton (JIRA)
issues at jboss.org
Thu Aug 14 21:32:29 EDT 2014
[ https://issues.jboss.org/browse/SECURITY-854?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Derek Horton updated SECURITY-854:
----------------------------------
Steps to Reproduce:
Get a token from a different KDC than what JBoss is configured to use. Hit a Negotiation protected endpoint. This will result in a 401.
With the patch applied, it is possible to fallback to form authentication.
Git Pull Request: https://github.com/wildfly-security/jboss-negotiation/pull/19
> Fallback to FORM authentication when an invalid kerberos token is used
> ----------------------------------------------------------------------
>
> Key: SECURITY-854
> URL: https://issues.jboss.org/browse/SECURITY-854
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Reporter: Derek Horton
> Assignee: Derek Horton
>
> Negotiation will not fallback to FORM authentication if the client has a kerberos token from a different KDC than what JBoss is configured to use.
> This results in the user getting presented with a 401 error and no way to login.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the jboss-jira
mailing list