Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-4114

[QE](7.1.z) ELY-715 / ELY-1547 - SPNEGO: missing negstat field in the first reply

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.6.CR1, 7.1.6.GA
    • 7.0.0.ER7
    • Security
    • None

      When the client sends an initial SPNEGO token with Kerberos as preferred mechanism and includes an invalid kerberos token, then client expects to see the WWW-Authenticate HTTP header with SPNEGO response negTokenResp[ negState = reject ].

      As stated in SPNEGO specification negstat is required in first reply:

      negState
      
      ...
      
            This field is REQUIRED in the first reply from the target, and is
      
            OPTIONAL thereafter.  When negState is absent, the actual state
      
            should be inferred from the state of the negotiated mechanism
      
            context.
      

            rhn-support-ivassile Ilia Vassilev
            mchoma@redhat.com Martin Choma
            Martin Choma Martin Choma
            Martin Choma Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: