  1. WildFly Elytron
  2. ELY-1373

IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned

    Details

    • Steps to Reproduce:
      git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git
      cd tests-ldap-kerberos
      git checkout 7.x
      JAVA_HOME=/opt/ibm-java-x86_64-80 ./build-eap71.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=4.0.0.Alpha1-SNAPSHOT -Djboss.dist.zip=/home/jkalina/work/wildfly/build/target/wildfly-11.0.0.Final-SNAPSHOT.zip -Dtest=SPNEGONoneTestCase#testInvalidTicketFormFallback
      

      Description

      Given an SPNEGO + FORM authentication configuration, and running on IBM Java.
      When an invalid Kerberos ticket is sent
      Then status code 200 is returned with the HTTP form.

      While on Oracle JDK gssContext.isEstablished() returns true for an invalid client ticket (negotiate with wrong domain JBOSS.COM), so the SPNEGO mechanism sends a bare challenge after failed authorization, on IBM JDK it returns false immediately, so the mechanism fails without sending a challenge. To be consistent, the challenge should be sent in both cases.
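
The consistency the description asks for, sketched as an added example (not WildFly Elytron's code): both JDK behaviours end in the same challenge outcome. `Outcome`, `Acceptor`, `evaluate` and `simulated` are hypothetical names, and the simulated acceptors assume neither JDK produces a reply token for the invalid ticket.

```java
import org.ietf.jgss.GSSException;

/** Added illustration; all names are hypothetical, not WildFly Elytron classes. */
public class SpnegoOutcomeDemo {

    enum Outcome { AUTHENTICATED, CONTINUE, CHALLENGE }

    /** The two GSSContext calls from the report, narrowed so a JDK's behaviour can be simulated. */
    interface Acceptor {
        byte[] accept(byte[] token) throws GSSException; // stands in for GSSContext.acceptSecContext
        boolean isEstablished();                          // stands in for GSSContext.isEstablished
    }

    static Outcome evaluate(Acceptor ctx, byte[] token, boolean authorized) {
        byte[] reply;
        try {
            reply = ctx.accept(token);
        } catch (GSSException e) {
            return Outcome.CHALLENGE;            // token rejected outright
        }
        if (ctx.isEstablished()) {
            // Oracle JDK path in the report: context established, authorization then fails.
            return authorized ? Outcome.AUTHENTICATED : Outcome.CHALLENGE;
        }
        if (reply != null && reply.length > 0) {
            return Outcome.CONTINUE;             // negotiation still in progress
        }
        // IBM JDK path in the report: not established and nothing to send back.
        return Outcome.CHALLENGE;
    }

    /** Simulated acceptor (assumption: no reply token is produced for the invalid ticket). */
    static Acceptor simulated(boolean established) {
        return new Acceptor() {
            public byte[] accept(byte[] token) { return null; }
            public boolean isEstablished() { return established; }
        };
    }

    public static void main(String[] args) {
        byte[] invalidTicket = {0x60, 0x00};     // constructed placeholder bytes
        System.out.println("Oracle-like: " + evaluate(simulated(true), invalidTicket, false));
        System.out.println("IBM-like:    " + evaluate(simulated(false), invalidTicket, false));
    }
}
```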

                People

                • Assignee: honza889 Jan Kalina
                • Reporter: honza889 Jan Kalina