[jboss-jira] [JBoss JIRA] (WFLY-7993) Legacy Kerberos in management, unable to configure fallback authentication.
Martin Choma (JIRA)
issues at jboss.org
Mon Jan 30 07:16:00 EST 2017
Martin Choma created WFLY-7993:
----------------------------------
Summary: Legacy Kerberos in management, unable to configure fallback authentication.
Key: WFLY-7993
URL: https://issues.jboss.org/browse/WFLY-7993
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Blocker
In EAP 7.0 it was possible to configure fallback (e.g. BASIC) authentication if the client does not support SPNEGO authentication. In EAP 7.1 this feature does not work anymore.
In EAP 7.0 the server returns multiple challenges (Negotiate/Basic) and the client could choose which one it will use.
{code:title=EAP 7.0}
HTTP/1.1 401 Unauthorized
Connection: keep-alive
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm="FallBackKerberosRealm"
X-Frame-Options: SAMEORIGIN
Content-Length: 77
Content-Type: text/html
Date: Mon, 30 Jan 2017 11:02:45 GMT
<html><head><title>Error</title></head><body>401 - Unauthorized</body></html>
{code}
In EAP 7.1 (with the same configuration) the server returns only one challenge - Negotiate - so a client not supporting SPNEGO can't fall back to Basic.
{code:title=EAP 7.1}
HTTP/1.1 401 Unauthorized
Connection: keep-alive
WWW-Authenticate: Negotiate
X-Frame-Options: SAMEORIGIN
Content-Length: 77
Content-Type: text/html
Date: Mon, 30 Jan 2017 11:01:28 GMT
<html><head><title>Error</title></head><body>401 - Unauthorized</body></html>
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
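
Added example, not part of the original report or of WildFly: a small regression check that extracts the offered schemes from the two 401 responses quoted above and shows which one a client without SPNEGO support could use. The function names are hypothetical, the sample input is constructed from the report's captures (bodies omitted), and it assumes one challenge per WWW-Authenticate line, as in those captures.

```python
# Constructed sample input: status line and headers taken from the two
# captures in the report (response bodies omitted).
EAP_70 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Connection: keep-alive\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    'WWW-Authenticate: Basic realm="FallBackKerberosRealm"\r\n'
    "X-Frame-Options: SAMEORIGIN\r\n\r\n"
)
EAP_71 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Connection: keep-alive\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n\r\n"
)


def offered_schemes(raw_response):
    """Return the auth schemes a 401 response offers, in header order."""
    status_line, _, header_block = raw_response.partition("\r\n")
    parts = status_line.split()
    if len(parts) < 2 or parts[1] != "401":
        return []  # not an authentication challenge
    schemes = []
    for line in header_block.splitlines():
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        # Assumption: one challenge per header line (as in the captures);
        # comma-joined challenges in a single header are not split here.
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.append(value.split()[0])
    return schemes


def pick_scheme(raw_response, client_supports):
    """First offered scheme the client supports (case-insensitive), else None."""
    supported = {s.lower() for s in client_supports}
    for scheme in offered_schemes(raw_response):
        if scheme.lower() in supported:
            return scheme
    return None


if __name__ == "__main__":
    for label, resp in (("EAP 7.0", EAP_70), ("EAP 7.1", EAP_71)):
        print(label, offered_schemes(resp), "Basic-only client ->",
              pick_scheme(resp, ["Basic"]))
```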