[jboss-jira] [JBoss JIRA] (SECURITY-640) Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.

RH Bugzilla Integration (JIRA) issues at jboss.org
Wed Jan 28 07:30:49 EST 2015 

    [ https://issues.jboss.org/browse/SECURITY-640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13035610#comment-13035610 ] 

RH Bugzilla Integration commented on SECURITY-640:
--------------------------------------------------

Josef Cacek <jcacek at redhat.com> changed the Status of [bug 1085500|https://bugzilla.redhat.com/show_bug.cgi?id=1085500] from ON_QA to VERIFIED

> Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-640
>                 URL: https://issues.jboss.org/browse/SECURITY-640
>             Project: PicketBox 
>          Issue Type: Bug
>          Components: Negotiation
>         Environment: Active Directory  Winwos 2003, Client Machine windows XP, Jboss Server Machine Window XP and Jboss 6.1
>            Reporter: Hrishi Salvi
>            Assignee: Derek Horton
>             Fix For: Negotiation_2_2_8, Negotiation_2_3_0_CR2
>
>
> We are trying to configure the single sign on using jboss negotiation.
> We are able to login successfully if the user is present in active directory.
> But in case if user is not present in active directory users, it throw 401 error page.
> Instead of 401 we want user to access login form and authenticate user using different login module.
> In our case we have login page we authenticate user on that page.
> If we receive user credentials we login the user without asking for password.
> Now if the user credentials are not received then we want user to open login form present
> on login page, but before that is throws 401 error.
> We have configure the login-config.xml, web.xml and jboss-web.xml as per the documentation.
> Also defined 
>  <web-resource-collection>
> 			<web-resource-name>Restricted</web-resource-name>
> 			<url-pattern>/Request</url-pattern>
> 			<http-method>GET</http-method>
> 			<http-method>POST</http-method>
> 	  </web-resource-collection> 
> in web.xml
> Our application is access through Request servlet.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)

More information about the jboss-jira mailing list