Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1373

IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned

XMLWordPrintable

    • Hide 
      git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git
cd tests-ldap-kerberos
git checkout 7.x
JAVA_HOME=/opt/ibm-java-x86_64-80 ./build-eap71.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=4.0.0.Alpha1-SNAPSHOT -Djboss.dist.zip=/home/jkalina/work/wildfly/build/target/wildfly-11.0.0.Final-SNAPSHOT.zip -Dtest=SPNEGONoneTestCase#testInvalidTicketFormFallback
      Show
      git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git cd tests-ldap-kerberos git checkout 7.x JAVA_HOME=/opt/ibm-java-x86_64-80 ./build-eap71.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=4.0.0.Alpha1-SNAPSHOT -Djboss.dist.zip=/home/jkalina/work/wildfly/build/target/wildfly-11.0.0.Final-SNAPSHOT.zip -Dtest=SPNEGONoneTestCase#testInvalidTicketFormFallback

      Given SPNEGO + FORM authentication configuration. And running on IBM java.
      When invalid kerberos ticket is send
      Then status code 200 is returned with http form.

      While on Oracle JDK gssContext.isEstablished() returns true for invalid client ticket (negotiate with wrong domain JBOSS.COM), so SPNEGO mechanism sends bare challenge after failed authorization, on IBM JDK it returns false immediately, so mechanism fail without sending challenge - to be consistent should be send in both cases.

              jkalina@redhat.com Jan Kalina (Inactive)
              jkalina@redhat.com Jan Kalina (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: