[jboss-jira] [JBoss JIRA] (ELY-1536) DigestSaslClient parse but ignore "stale" param

Jan Kalina (JIRA) issues at jboss.org
Mon Mar 5 10:47:00 EST 2018


     [ https://issues.jboss.org/browse/ELY-1536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina updated ELY-1536:
----------------------------
    Description: 
Server sends "stale=true" when invalid nonce is used.
Client should repeat authentication with new nonce, but it ignores it instead.

rfc2831:
{panel}
If the response is valid, the server MAY choose to deem that
   authentication has succeeded. However, if it has been too long since
   the previous authentication, or for any other reason, the server MAY
   send a new "digest-challenge" with a new value for nonce. The
   challenge MAY contain a "stale" directive with value "true", which
   says that the client may respond to the challenge using the password
   it used in the previous response; otherwise, the client must solicit
   the password anew from the user. This permits the server to make sure
   that the user has presented their password recently. (The directive
   name refers to the previous nonce being stale, not to the last use of
   the password.) Except for the handling of "stale", after sending the
   "digest-challenge" authentication proceeds as in the case of initial
   authentication.
{panel}

  was:
Server sends "stale=true" when invalid nonce is used.
Client should repeat authentication with new nonce, but it ignores it instead.



> DigestSaslClient parse but ignore "stale" param
> -----------------------------------------------
>
>                 Key: ELY-1536
>                 URL: https://issues.jboss.org/browse/ELY-1536
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SASL
>    Affects Versions: 1.2.3.Final
>            Reporter: Jan Kalina
>            Assignee: Jan Kalina
>
> Server sends "stale=true" when invalid nonce is used.
> Client should repeat authentication with new nonce, but it ignores it instead.
> rfc2831:
> {panel}
> If the response is valid, the server MAY choose to deem that
>    authentication has succeeded. However, if it has been too long since
>    the previous authentication, or for any other reason, the server MAY
>    send a new "digest-challenge" with a new value for nonce. The
>    challenge MAY contain a "stale" directive with value "true", which
>    says that the client may respond to the challenge using the password
>    it used in the previous response; otherwise, the client must solicit
>    the password anew from the user. This permits the server to make sure
>    that the user has presented their password recently. (The directive
>    name refers to the previous nonce being stale, not to the last use of
>    the password.) Except for the handling of "stale", after sending the
>    "digest-challenge" authentication proceeds as in the case of initial
>    authentication.
> {panel}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
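The behaviour the RFC 2831 excerpt above requires, as an added example that is not part of the ticket and not Elytron's DigestSaslClient code: a minimal DIGEST-MD5 client and server where the server re-challenges with "stale=true" when a correct response arrives under an expired nonce, and the client answers that re-challenge with the password it already holds instead of prompting again. Everything here is assumed for illustration (the DigestServer/DigestClient names, the realm example.com, the user alice, algorithm=md5-sess with qop=auth only, no authzid, nonce-count fixed at 1); the response computation itself follows RFC 2831 section 2.1.2.1.

```python
"""RFC 2831 DIGEST-MD5 client/server simulation centred on the "stale" directive.

Assumed for this example (not Elytron code): md5-sess, qop=auth, no authzid,
nc fixed at 1, and a server whose nonces can be expired on demand.
"""
import hashlib
import hmac
import os
import re
from typing import Callable, Dict, Optional

# name=value pairs; a value is either a quoted-string or a bare token
_DIRECTIVE = re.compile(r'([A-Za-z0-9_-]+)=("(?:[^"\\]|\\.)*"|[^,]*)')


def parse_directives(message: str) -> Dict[str, str]:
    """Split a digest-challenge or digest-response into name -> unquoted value."""
    out: Dict[str, str] = {}
    for name, value in _DIRECTIVE.findall(message):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        out[name.lower()] = value.strip()
    return out


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def compute_response(username: str, realm: str, password: str, nonce: str,
                     cnonce: str, nc: str, qop: str, digest_uri: str,
                     method: str = "AUTHENTICATE") -> str:
    """response-value of RFC 2831 2.1.2.1; method="" yields the server's rspauth."""
    a1 = _md5(f"{username}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"{method}:{digest_uri}".encode()
    kd_input = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{_md5(a2).hex()}"
    return _md5(kd_input.encode()).hex()


class DigestServer:
    """Server side: a correct response under an expired nonce gets a fresh
    challenge carrying stale=true; a wrong password never gets stale=true."""

    def __init__(self, realm: str, users: Dict[str, str]) -> None:
        self.realm, self.users, self.live_nonces = realm, users, set()

    def challenge(self, stale: bool = False) -> str:
        nonce = os.urandom(16).hex()
        self.live_nonces.add(nonce)
        c = f'realm="{self.realm}",nonce="{nonce}",qop="auth",charset=utf-8,algorithm=md5-sess'
        return c + ",stale=true" if stale else c

    def expire_all_nonces(self) -> None:
        self.live_nonces.clear()          # simulates nonce time-out

    def handle(self, response: str) -> str:
        """'rspauth=<hex>' on success, a stale re-challenge, or 'FAIL'."""
        d = parse_directives(response)
        pw = self.users.get(d.get("username", ""))
        if pw is None or d.get("realm") != self.realm:
            return "FAIL"
        args = (d["username"], self.realm, pw, d["nonce"], d["cnonce"], d["nc"], d["qop"], d["digest-uri"])
        if not hmac.compare_digest(compute_response(*args), d.get("response", "")):
            return "FAIL"                 # bad credentials: no hint about nonces
        if d["nonce"] not in self.live_nonces:
            return self.challenge(stale=True)   # valid password, stale nonce
        self.live_nonces.discard(d["nonce"])    # one use per nonce
        return "rspauth=" + compute_response(*args, method="")


class DigestClient:
    """Client side: keeps the password from the previous attempt so that a
    stale=true re-challenge is answered without asking the user again."""

    def __init__(self, username: str, digest_uri: str, ask_password: Callable[[], str]) -> None:
        self.username, self.digest_uri, self.ask_password = username, digest_uri, ask_password
        self._cached_password: Optional[str] = None
        self._last: tuple = ()
        self.prompts = 0

    def respond(self, challenge: str) -> str:
        d = parse_directives(challenge)
        if d.get("stale", "").lower() == "true" and self._cached_password is not None:
            password = self._cached_password      # RFC 2831: old nonce stale, password fine
        else:
            password = self.ask_password()
            self.prompts += 1
            self._cached_password = password
        cnonce, nc = os.urandom(16).hex(), "00000001"
        self._last = (password, d["realm"], d["nonce"], cnonce, nc)
        resp = compute_response(self.username, d["realm"], password, d["nonce"], cnonce, nc, "auth", self.digest_uri)
        return (f'username="{self.username}",realm="{d["realm"]}",nonce="{d["nonce"]}",cnonce="{cnonce}",'
                f'nc={nc},qop=auth,digest-uri="{self.digest_uri}",response={resp},charset=utf-8')

    def verify_rspauth(self, rspauth: str) -> bool:
        password, realm, nonce, cnonce, nc = self._last
        expected = compute_response(self.username, realm, password, nonce, cnonce, nc, "auth", self.digest_uri, method="")
        return hmac.compare_digest(expected, rspauth)


def demo_stale_retry():
    """Nonce expires between challenge and response; returns (authenticated, prompts)."""
    server = DigestServer("example.com", {"alice": "s3cret"})          # constructed sample
    client = DigestClient("alice", "imap/mail.example.com", lambda: "s3cret")
    first = server.challenge()
    server.expire_all_nonces()
    reply = server.handle(client.respond(first))                       # -> stale=true challenge
    final = server.handle(client.respond(reply))
    ok = final.startswith("rspauth=") and client.verify_rspauth(final[len("rspauth="):])
    return ok, client.prompts


def demo_bad_password() -> str:
    """A wrong password fails outright and is never answered with stale=true."""
    server = DigestServer("example.com", {"alice": "s3cret"})
    client = DigestClient("alice", "imap/mail.example.com", lambda: "wrong")
    return server.handle(client.respond(server.challenge()))
```

The point the ticket makes is the branch in `respond`: a client that parses "stale" but never consults it either re-prompts for a password it already has or, worse, treats the second challenge as a failure; the server deliberately sends stale=true only after the digest has verified, so a wrong password still gets a plain failure and the directive leaks nothing about nonce state.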

