Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: 1.1.0.CR2
Affects Version/s: None
Component/s: Authentication Mechanisms
Labels:
None

Steps to Reproduce:

Hide

testInvalidKerberosSpnegoWorkflow in https://github.com/jbossas/jboss-eap7/pull/457/commits/661c2c6c8a1b91feab54f3394c03e7a54818ed18

Show
testInvalidKerberosSpnegoWorkflow in https://github.com/jbossas/jboss-eap7/pull/457/commits/661c2c6c8a1b91feab54f3394c03e7a54818ed18

Description

When the client sends an initial SPNEGO token with Kerberos as preferred mechanism and includes an invalid kerberos token, then client expects to see the WWW-Authenticate HTTP header with SPNEGO response negTokenResp[ negState = reject ].

As stated in SPNEGO specification negstat is required in first reply:

negState

...

      This field is REQUIRED in the first reply from the target, and is

      OPTIONAL thereafter.  When negState is absent, the actual state

      should be inferred from the state of the negotiated mechanism

      context.

Attachments

Issue Links

clones

JBEAP-4114 [QE](7.1.z) ELY-715 / ELY-1547 - SPNEGO: missing negstat field in the first reply

Closed

JBEAP-6679 Elytron SPNEGO: missing negstat field in the first reply

Closed

Activity

People

Assignee:: Darran Lofthouse

Reporter:: Jan Kalina (Inactive)

Tester:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2016/11/02 3:38 PM

Updated:: 2018/03/21 12:32 PM

Resolved:: 2018/03/20 12:59 PM