-
Bug
-
Resolution: Not a Bug
-
Major
-
None
-
7.1.0.GA
-
None
When I successfully authenticate using SPNEGO, but user is not stored in underlying security realm, 401 is returned. Whereas I would expect 403. Because authentication was successful, but authorization part failed.
Also In SPNEGO + FORM fallback scenario, when invalid ticket is used, http form with http status code 401 is send, where I would expect 200.
This JIRA is just for reference purpose and just catch up on consequence of existing PR https://github.com/wildfly-security/wildfly-elytron/pull/1022
- is related to
-
JBEAP-12868 [QE](7.1.z) ELY-1373 - IBM JDK, SPNEGO + FORM; with invalid ticket 200 status code is returned
- Closed