Bug 1085503 - [GSS] (6.2.x) JBoss Negotiation should fallback to form authentication instead of returning 401
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.2.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR2
: EAP 6.2.3
Assignee: Derek Horton
QA Contact: Josef Cacek
Russell Dickenson
URL:
Whiteboard:
Depends On: 1085500
Blocks: eap62-cp03-blockers 1085506
Reported: 2014-04-08 18:32 UTC by Derek Horton
Modified: 2018-12-05 18:05 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, an invalid entry in the KDC would result in users being presented with an HTTP 401 error, instead of the login form. In this release the code has been updated to capture invalid entries in the KDC and return the login form as expected.
Clone Of: 1085500
Environment:
Last Closed: 2014-06-09 12:46:32 UTC
Type: Bug
Embargoed:



Links
System: Red Hat Issue Tracker
ID: SECURITY-640
Private: 0
Priority: Major
Status: Resolved
Summary: Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
Last Updated: 2014-09-01 12:06:23 UTC

Description Derek Horton 2014-04-08 18:32:33 UTC
Description of problem:
JBoss Negotiation should fallback to form authentication instead of returning 401

Steps to Reproduce:
1.  Configured an invalid KDC
2.  Hit the JBoss Negotiation Toolkit SecuredServlet (test 3)
3.  A form should be returned instead of a 401

Comment 1 baranowb 2014-04-11 06:33:23 UTC
Assigning to pskopek since he pleaded to PL issues for EAP6

Comment 2 baranowb 2014-04-15 11:59:02 UTC
Assigning back to Derek; this is a negotiation issue, it's not part of PL as I assumed.

Comment 3 Derek Horton 2014-04-16 20:35:40 UTC
PR
https://github.com/wildfly/jboss-negotiation/pull/4

Comment 4 Ondrej Lukas 2014-05-06 13:23:13 UTC
Verified in EAP 6.2.3.CR2.

Comment 5 Nichola Moore 2014-05-08 05:12:24 UTC
Please can you add Doc Text. Thank you.

Comment 7 JBoss JIRA Server 2014-09-01 08:00:14 UTC
Hrishi Salvi <hrishishikesh.salvi> updated the status of jira SECURITY-640 to Closed

Comment 8 JBoss JIRA Server 2014-09-01 12:05:56 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-640 to Reopened

Comment 9 JBoss JIRA Server 2014-09-01 12:06:24 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-640 to Resolved

