Kerberos authentication fallback lacks authentication header on JDK 17

Download attachments to /tmp/ folder. Start ApacheDS ldap-kerberos server, specify  ou=users,dc=example,dc=com as a seacrh base DN of kerberos server. Create kerberos users and services: ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w "secret" -a -f /tmp/addusers.ldif Run and configure server: ./jboss-cli.sh -c --file /tmp/commands.txt Deploy ldap-test.war Access http://127.0.0.1:8080/ldap-test/protected/SimpleSecuredServlet using Negotiate authentication header , for example using curl: curl -v -i -H "Connection: Keep-Alive" -H "Host: 127.0.0.1:8080" -H "Accept-Encoding: gzip,deflate" -H "Authorization: Negotiate YIIDbgYGKwYBBQUCoIIDYjCCA16gCjAIBgYrBgEFAgWiggNOBIIDSmCCA0YGBisGAQUCBQUBMA2hCwQJSkJPU1MuQ09NbIIDKTCCAyWhAwIBBaIDAgEMo4ICuDCCArQwggHdoQMCAQGiggHUBIIB0G6CAcwwggHIoAMCAQWhAwIBDqIHAwUAAAAAAKOB9WGB8jCB76ADAgEFoQsbCUpCT1NTLkNPTaIeMBygAwIBAqEVMBMbBmtyYnRndBsJSkJPU1MuQ09No4G6MIG3oAMCARCiga8Egawz8yWkJnYMFyDkN0HZu+MMA6oswi3jt5Dpe67uk7qx7dZKKjACbzu3l/Wk2oOwvGvVoB7t9wfxJNGqjFC40AhSFIhZBEUBndGYby4YytJzo/Z5XjMfKCRbc3Dl7f/8C/g8rv/wpoRvmO6PGeTKMAe6bABa1y8omEvppSpRi43zU2sliOzGEt3hJlkIgWweRRhsGRFXQN5R/cacw/M8k3H7uq+SFD5Y7IgkwOUopIG6MIG3oAMCARCiga8Egayr/3ITPfEck14VeYsZ1zKP2SWuAvwZPTpRiTiftPuUvPzFdky/6Cjz7Ui5Z1wNn9g0yLeQ/5Do8os+ZinWHQSqfFD9YZ5T0VBIYqZ0VJ3QQ24oo2f14iJyJcbtExHZjYPMT5ldrTNq8defClpr04blRmzxUMLDJii7Sb3VVjrk6bi+ffclP3dY/yZBG6fk5rsTZuKRDsGgzmlebXn3/9IaPZ6D6zw8O0NY6eUdMIHQoQQCAgCIooHHBIHEoIHBMIG+oR8wHaADAgEMoRYEFNuOo0oYBNlAgSCF/SErOoebRVfNooGaMIGXoAMCARCigY8EgYxGrCCP/JA3STHnOIx+6Jdx+G3+dKzu9ZRyxKgHBcfDTcC5jFDGsityhlzmOV9iLE32q3mL9cc4lW0wKq9+6xSdPOjlUSqYYGufP7wjyHHTmRNTYxc2CFGzjAKC4RO1CPrQGAlo4ktH8Q9AwtSFuGi0oklntHaSliQeBoBqzDm3/5V7w2SBeNcH8w7etaRdMFugBwMFAEAAAACiCxsJSkJPU1MuQ09Nox4wHKADAgECoRUwExsGa3JidGd0GwlKQk9TUy5PUkelERgPMjAxNTAyMjcxMjQzMzVapwYCBFTvFRCoCDAGAgEDAgEQ" "http: //127.0.0.1:8080/ldap-test/ protected /SimpleSecuredServlet" Server should respond with 200 OK status and  WWW-Authenticate: Negotiate oQcwBaADCgEC header, however this header is missing when server runs on JDK 17. There is also an exception in server log on JDK 17 when executing curl request: TRACE [org.wildfly.security.http.spnego] ( default task-1) Call to acceptSecContext failed.: GSSException: Failure unspecified at GSS-API level     at java.security.jgss/sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:587)     at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:361)     at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:303)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.spnego.SpnegoAuthenticationMechanism.lambda$evaluateRequest$0(SpnegoAuthenticationMechanism.java:245)     at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)     at java.base/javax.security.auth.Subject.doAs(Subject.java:439)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.spnego.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:245)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:119)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.util.SocketAddressCallbackServerMechanismFactory$1.evaluateRequest(SocketAddressCallbackServerMechanismFactory.java:82)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.util.SocketAddressCallbackServerMechanismFactory$1.evaluateRequest(SocketAddressCallbackServerMechanismFactory.java:82)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:119)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:85)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:325)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:300)     at org.wildfly.security.elytron-base@1.19.0.Final //org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:94)     at org.wildfly.security.elytron-web.undertow-server@1.10.1.Final-redhat-00001 //org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:107)     at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final-redhat-00001 //org.wildfly.elytron.web.undertow.server.servlet.ServletSecurityContextImpl.authenticate(ServletSecurityContextImpl.java:115)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)     at io.undertow.core@2.2.17.Final //io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)     at io.undertow.core@2.2.17.Final //io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)     at io.undertow.core@2.2.17.Final //io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)     at io.undertow.core@2.2.17.Final //io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)     at io.undertow.core@2.2.17.Final //io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)     at org.wildfly.security.elytron-web.undertow-server-servlet@1.10.1.Final-redhat-00001 //org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)     at io.undertow.core@2.2.17.Final //io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)     at org.wildfly.extension.undertow@8.0.0.Beta-redhat-20220504 //org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)     at io.undertow.core@2.2.17.Final //io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)     at org.wildfly.extension.undertow@8.0.0.Beta-redhat-20220504 //org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)     at io.undertow.core@2.2.17.Final //io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:275)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)     at org.wildfly.extension.undertow@8.0.0.Beta-redhat-20220504 //org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)     at org.wildfly.extension.undertow@8.0.0.Beta-redhat-20220504 //org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)     at org.wildfly.extension.undertow@8.0.0.Beta-redhat-20220504 //org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)     at org.wildfly.extension.undertow@8.0.0.Beta-redhat-20220504 //org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1431)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:255)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)     at io.undertow.servlet@2.2.17.Final //io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)     at io.undertow.core@2.2.17.Final //io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)     at io.undertow.core@2.2.17.Final //io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)     at org.jboss.threads@2.4.0.Final-redhat-00001 //org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)     at org.jboss.threads@2.4.0.Final-redhat-00001 //org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)     at org.jboss.threads@2.4.0.Final-redhat-00001 //org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)     at org.jboss.threads@2.4.0.Final-redhat-00001 //org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)     at org.jboss.xnio@3.8.7.Final //org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)     at java.base/java.lang. Thread .run( Thread .java:833)