[jboss-jira] [JBoss JIRA] (WFCORE-916) Kerberos authentication into Management Console does not fallback correctly

Darran Lofthouse (JIRA) issues at jboss.org
Mon Oct 5 06:37:00 EDT 2015


    [ https://issues.jboss.org/browse/WFCORE-916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13114912#comment-13114912 ] 

Darran Lofthouse commented on WFCORE-916:
-----------------------------------------

I will have a look and see if we can add some additional validation for the bad configuration, however in general these are not scenarios that fallback is supposed to be used for.

Fallback works by sending two simultaneous challenges to the client, one is SPNEGO and the other is either an HTTP Digest or HTTP Basic challenge - if the web browser is configured to support Kerberos it will use it, if not the browser decides to fall back to Digest / Basic. Fallback is not a server-side capability if the server subsequently discovers it is incorrectly configured.

>  Kerberos authentication into Management Console does not fallback correctly
> ----------------------------------------------------------------------------
>
>                 Key: WFCORE-916
>                 URL: https://issues.jboss.org/browse/WFCORE-916
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Domain Management, Security
>    Affects Versions: 2.0.0.Beta1
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>
> Fallback management realm is not taken into account for Kerberos authentication into Management Console. In cases when Kerberos authentication to Management Console is configured also with fallback mechanism (properties, security-domain...) and one of:
> - realm in principal is not set correctly
> - path to keytab is not set correctly
> is set in EAP configuration and when user with valid Kerberos ticket tries to access Management Console then fallback is not taken into account and user can't access management console.



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
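
The challenge selection described in the comment above, modelled as an added example (not code from WildFly or from this message): it parses the WWW-Authenticate values of a constructed 401 and shows that the mechanism is picked by the browser, so a server-side Kerberos misconfiguration ends the attempt instead of switching to Digest / Basic. The sample headers, the realm name and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: WWW-Authenticate values a management interface with
# Kerberos plus a fallback realm might send (realm and nonce are made up).
SAMPLE_401 = [
    'Negotiate',
    'Digest realm="ManagementRealm", nonce="bm9uY2U=", algorithm=MD5',
]

# Split a header value on commas that are not inside a quoted string.
_PIECE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# A scheme is a token followed by whitespace or end of piece, never by '='.
_SCHEME = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)(?:\s+(?![\s=])|$)')

def offered_schemes(www_authenticate_values):
    """Return the auth schemes offered, in order, across all header values."""
    schemes = []
    for value in www_authenticate_values:
        for piece in _PIECE.findall(value):
            m = _SCHEME.match(piece.strip())
            if m:
                schemes.append(m.group(1).capitalize())
    return schemes

def client_pick(schemes, browser_kerberos_enabled):
    """Assumed browser model: it picks one mechanism from the challenges."""
    if browser_kerberos_enabled and "Negotiate" in schemes:
        return "Negotiate"
    for s in schemes:
        if s in ("Digest", "Basic"):
            return s
    return None

def outcome(schemes, browser_kerberos_enabled, server_kerberos_ok):
    """Result of one login attempt under that model."""
    mech = client_pick(schemes, browser_kerberos_enabled)
    if mech is None:
        return "no usable mechanism"
    if mech == "Negotiate" and not server_kerberos_ok:
        # Bad keytab path or principal realm: the server cannot accept the
        # ticket, and the browser has already committed to SPNEGO.
        return "Negotiate: rejected, no fallback"
    return mech + ": proceeds"

if __name__ == "__main__":
    offered = offered_schemes(SAMPLE_401)
    for browser_krb, server_ok in [(True, True), (True, False), (False, False)]:
        print(browser_krb, server_ok, outcome(offered, browser_krb, server_ok))
```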

