Project: JBoss Enterprise Application Platform
Issue: JBEAP-14187

SPNEGO: when user is not in realm, 401 is returned


    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Major
    • Affects Version: 7.1.0.GA
    • Component: Security
      ./build-eap71.sh -Deap -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=3.0.10.Final-redhat-1 -Dmaven.repo.local=/home/mchoma/workspace/eap-versions/7.1.0.CR4/jboss-eap-7.1.0.GA-maven-repository/maven-repository -Djboss.dist.zip=/home/mchoma/workspace/eap-versions/7.1.0.CR4/jboss-eap-7.1.0.CR4.zip -Dtest=SPNEGOSessionTestCase -DtestLogToFile=false -Dignore.known.issues=true

      When I successfully authenticate using SPNEGO, but the user is not stored in the underlying security realm, 401 is returned, whereas I would expect 403, because authentication was successful but the authorization part failed.

      Also, in the SPNEGO + FORM fallback scenario, when an invalid ticket is used, the HTTP form is sent with HTTP status code 401, where I would expect 200.

      This JIRA is just for reference purposes, to follow up on the consequences of the existing PR https://github.com/wildfly-security/wildfly-elytron/pull/1022

      Assignee: jkalina@redhat.com Jan Kalina (Inactive)
      Reporter: mchoma@redhat.com Martin Choma