Bug 1131225 - [GSS] (6.4.0) Fallback to FORM authentication when an invalid kerberos token is used
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: DR1
: EAP 6.4.0
Assignee: Derek Horton
QA Contact: Pavel Slavicek
URL:
Whiteboard:
Depends On:
Blocks: 1131227 1131229
Reported: 2014-08-18 17:59 UTC by Derek Horton
Modified: 2019-08-19 12:40 UTC

Fixed In Version:
Clone Of:
: 1131229 (view as bug list)
Environment:
Last Closed: 2019-08-19 12:38:17 UTC
Type: Bug
Embargoed:


Links
System: Red Hat Issue Tracker
ID: SECURITY-854
Private: 0
Priority: Major
Status: Resolved
Summary: Fallback to FORM authentication when an invalid kerberos token is used
Last Updated: 2019-03-04 07:49:19 UTC

Description Derek Horton 2014-08-18 17:59:36 UTC
Description of problem:

Negotiation will not fall back to FORM authentication if the client has a Kerberos token from a different KDC than what JBoss is configured to use.
This results in the user getting presented with a 401 error and no way to log in.


Steps to Reproduce:

Get a token from a different KDC than what JBoss is configured to use. Hit a Negotiation protected endpoint. This will result in a 401.
With the patch applied, it is possible to fall back to form authentication.

Comment 2 JBoss JIRA Server 2014-08-18 18:08:36 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-854 to Resolved

Comment 3 Kabir Khan 2014-08-22 15:41:39 UTC
Should be fixed by component upgrade to negotiation 2.3.4 -> MODIFIED

Comment 4 Filip Bogyai 2014-09-19 11:44:23 UTC
Verified on EAP 6.4.0.DR1

