Bug 1085500 – [GSS] (6.4.0) JBoss Negotiation should fallback to form authentication instead of returning 401

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1085500 - [GSS] (6.4.0) JBoss Negotiation should fallback to form authentication instead of returning 401

Summary:	[GSS] (6.4.0) JBoss Negotiation should fallback to form authentication instea...

Status:	VERIFIED

Aliases:	None

Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Security (Show other bugs)
Sub Component:
Version:	6.3.0
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	DR1
Target Release:	EAP 6.4.0
Assigned To:	Derek Horton
QA Contact:	Pavel Slavicek
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	1085497 1085503
	Show dependency tree / graph

Reported:	2014-04-08 14:13 EDT by Derek Horton
Modified:	2018-06-07 17:30 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Clones:	1085501 1085503 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
JBoss Issue Tracker	SECURITY-640	Major	Resolved	Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.	2018-05-15 15:07 EDT

Groups: None (edit)

Description Derek Horton 2014-04-08 14:13:09 EDT

Description of problem:
[GSS] (6.3.0) JBoss Negotiation should fallback to form authentication instead of returning 401

Steps to Reproduce:
1.  Configured an invalid KDC
2.  Hit the JBoss Negotiation Toolkit SecuredServlet (test 3)
3.  A form should be returned instead of a 401

Comment 1 Derek Horton 2014-04-16 16:29:24 EDT

PR
https://github.com/wildfly/jboss-negotiation/pull/4

Comment 2 JBoss JIRA Server 2014-09-01 04:00:13 EDT

Hrishi Salvi <hrishishikesh.salvi@gmail.com> updated the status of jira SECURITY-640 to Closed

Comment 3 JBoss JIRA Server 2014-09-01 08:05:56 EDT

Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira SECURITY-640 to Reopened

Comment 4 JBoss JIRA Server 2014-09-01 08:06:24 EDT

Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira SECURITY-640 to Resolved

Comment 8 Darran Lofthouse 2015-01-26 04:12:06 EST

Yes the fix for SECURITY-640 went into JBoss Negotation 2.3.0.CR2 so has been included in EAP 6 for quite a while.

Comment 9 Josef Cacek 2015-01-26 05:19:04 EST

Based on Comment 8 I'm changing status to ON_QA.
DR1 already contained JBoss Negotiation in version 2.3.4.Final-redhat-1

Note You need to log in before you can comment on or make changes to this bug.