[jboss-jira] [JBoss JIRA] (WFLY-8463) Elytron, misconfiguration of http-authentication-factory leads to 403 - should be 500

Martin Choma (JIRA) issues at jboss.org
Wed Mar 29 04:37:01 EDT 2017 

     [ https://issues.jboss.org/browse/WFLY-8463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated WFLY-8463:
-------------------------------
    Steps to Reproduce: 
* Follow steps for securing management interface with kerberos https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.alpha/html-single/how_to_set_up_sso_with_kerberos/#secure_mgmt_interface_krb_elytron

* Replace creation of http-authentication-factory with this command specifying protocol HTTP
{code}
/subsystem=elytron/http-authentication-factory=example-krb-http-auth:add( \
  http-server-mechanism-factory=global, \
  security-domain=exampleFsSD, \
  mechanism-configurations=[ \
    { \
      mechanism-name=SPNEGO,\
      mechanism-realm-configurations= \
        [ \
          { \
            realm-name=exampleFsSD \
          } \
        ], \
      protocol=DOES_NOT_EXIST,\
      credential-security-factory=krbSF \
    } \
  ] \
)
{code}


  was:
/subsystem=elytron/http-authentication-factory=example-krb-http-auth:add( \
  http-server-mechanism-factory=global, \
  security-domain=exampleFsSD, \
  mechanism-configurations=[ \
    { \
      mechanism-name=SPNEGO,\
      mechanism-realm-configurations= \
        [ \
          { \
            realm-name=exampleFsSD \
          } \
        ], \
      protocol=DOES_NOT_EXIST,\
      credential-security-factory=krbSF \
    } \
  ] \
)



> Elytron, misconfiguration of http-authentication-factory leads to 403 - should be 500
> -------------------------------------------------------------------------------------
>
>                 Key: WFLY-8463
>                 URL: https://issues.jboss.org/browse/WFLY-8463
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Assignee: Darran Lofthouse
>
> When I misconfigured {{http-authentication-factory}, e.g. with unreal protocol "DOES_NOT_EXIST" I get http status code 403.
> I think 500 would be more appropriate here, as server is misconfigured and can't authenticate.
> 403 means user has not appropriate roles.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list