[jboss-jira] [JBoss JIRA] (ELY-1373) IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned

Darran Lofthouse (JIRA) issues at jboss.org
Fri Sep 22 07:58:00 EDT 2017


    [ https://issues.jboss.org/browse/ELY-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467317#comment-13467317 ] 

Darran Lofthouse commented on ELY-1373:
---------------------------------------

GSSContext should not be returning true on isEstablished if the ticket was not valid; that sounds worrying.

> IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned
> -----------------------------------------------------------------------
>
>                 Key: ELY-1373
>                 URL: https://issues.jboss.org/browse/ELY-1373
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Mechanisms
>    Affects Versions: 1.2.0.Beta3
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>
> Given SPNEGO + FORM authentication configuration. And running on IBM Java.
> When an invalid Kerberos ticket is sent
> Then status code 200 is returned with the HTTP form.
> While on Oracle JDK {{gssContext.isEstablished()}} returns true for an invalid client ticket, so the SPNEGO mechanism sends a bare challenge after failed authorization, on IBM JDK it returns false immediately, so the mechanism fails without sending a challenge - to be consistent, it should be sent in both cases.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

