Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2298

Verify compatibility with RFC2617 Digest Access Authentication

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.15.11.Final
    • None
    • None
    • None

    Description

      Check Digest authentication mechanism implementation for incompatibilities with the RFC https://datatracker.ietf.org/doc/html/rfc2617#section-1.2.

      It is mentioned that authentication scheme should be case insensitive so clients should be able to provide authorization header begginning with "Digest " prefix in a case insensitive manner. In our implementation of Digest authentication mechanism this is not currently the case.

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-23123 [GSS](7.4.z) ELY-303 ELY-2298 - The 'Basic' and 'Digest' HTTP Authentication Schemes not compatible with RFC7617 and RFC7616

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              dvilkola@redhat.com Diana Krepinska
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: