Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.1.12.Final, 1.3.1.Final, 1.4.0.Final
Affects Version/s: 1.2.4.Final
Component/s: Authentication Mechanisms, HTTP
Labels:
None

Steps to Reproduce:
Hide

git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git cd tests-ldap-kerberos git checkout 7.x ./build-eap71.sh -Deap -Djboss.dist.zip=/home/jkalina/work/tests-ldap-kerberos/wildfly.zip -Dversion.wildfly.core=5.0.0.Alpha1-SNAPSHOT -Dversion.jboss.bom=7.1.0.GA -Dtest=SPNEGODefaultTestCase#testInvalidTicketFormFallback

But add check into testInvalidTicketFormFallback:

assertHttpHeader(response, HEADER_WWW_AUTHENTICATE, "Negotiate oQcwBaADCgEC");
Show
git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git cd tests-ldap-kerberos git checkout 7.x ./build-eap71.sh -Deap -Djboss.dist.zip=/home/jkalina/work/tests-ldap-kerberos/wildfly.zip -Dversion.wildfly.core=5.0.0.Alpha1-SNAPSHOT -Dversion.jboss.bom=7.1.0.GA -Dtest=SPNEGODefaultTestCase#testInvalidTicketFormFallback But add check into testInvalidTicketFormFallback : assertHttpHeader(response, HEADER_WWW_AUTHENTICATE, "Negotiate oQcwBaADCgEC" );
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1116

When the client sends an initial SPNEGO token with Kerberos as preferred mechanism and includes an invalid kerberos token, then client expects to see the WWW-Authenticate HTTP header with SPNEGO response negTokenResp[ negState = reject ].

As stated in SPNEGO specification negstat is required in first reply:

negState

...

      This field is REQUIRED in the first reply from the target, and is

      OPTIONAL thereafter.  When negState is absent, the actual state

      should be inferred from the state of the negotiated mechanism

      context.

clones

JBEAP-4114 [QE](7.1.z) ELY-715 / ELY-1547 - SPNEGO: missing negstat field in the first reply

Closed

is cloned by

JBEAP-16386 (7.2.z) [ELY-1547] SPNEGO: missing negstat field in the first reply for expired token

Closed

is related to

ELY-1549 IBM JDK, SPNEGO + FORM; with invalid ticket 401 status code is returned

Resolved

Assignee:: Jan Kalina (Inactive)

Reporter:: Jan Kalina (Inactive)

Tester:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2018/03/20 1:31 PM

Updated:: 2019/02/14 4:43 AM

Resolved:: 2018/05/03 11:57 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates