[jboss-jira] [JBoss JIRA] (ELY-1373) IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned

Jan Kalina (JIRA) issues at jboss.org
Mon Sep 25 05:25:00 EDT 2017 

     [ https://issues.jboss.org/browse/ELY-1373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated ELY-1373:
----------------------------
    Steps to Reproduce: 
{code}
git clone git at gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git
cd tests-ldap-kerberos
git checkout 7.x
JAVA_HOME=/opt/ibm-java-x86_64-80 ./build-eap71.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=4.0.0.Alpha1-SNAPSHOT -Djboss.dist.zip=/home/jkalina/work/wildfly/build/target/wildfly-11.0.0.Final-SNAPSHOT.zip -Dtest=SPNEGONoneTestCase#testInvalidTicketFormFallback
{code}

  was:
{code}
git clone git at gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git
cd tests-ldap-kerberos
git checkout 7.x
./build-eap71.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=3.0.1.Final-redhat-1 -Dmaven.repo.local=/home/mchoma/workspace/eap-versions/7.1.0.CR1/jboss-eap-7.1.0.GA-maven-repository/maven-repository -Djboss.dist.zip=/home/mchoma/workspace/eap-versions/7.1.0.CR1/jboss-eap-7.1.0.CR1.zip -Dmaven.test.failure.ignore=true -Dignore.known.issues=true -Dtest=SPNEGONoneTestCase#testInvalidTicketFormFallback
{code}



> IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned
> -----------------------------------------------------------------------
>
>                 Key: ELY-1373
>                 URL: https://issues.jboss.org/browse/ELY-1373
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Mechanisms
>    Affects Versions: 1.2.0.Beta3
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>
> Given SPNEGO + FORM authentication configuration. And running on IBM java.
> When invalid kerberos ticket is send 
> Then status code 200 is returned with http form. 
> While on Oracle JDK {{gssContext.isEstablished()}} returns true for invalid client ticket, so SPNEGO mechanism send bare challenge after failed authorization, on IBM JDK it returns false immediately, so mechanism fail without sending challenge - to be consistent should be send in both cases.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list