Bug 1131225 - [GSS] (6.4.0) Fallback to FORM authentication when an invalid kerberos token is used
Status: VERIFIED
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
6.3.0
Unspecified Unspecified
unspecified Severity unspecified
: DR1
: EAP 6.4.0
Assigned To: Derek Horton
Pavel Slavicek
:
Depends On:
Blocks: 1131227 1131229
Reported: 2014-08-18 13:59 EDT by Derek Horton
Modified: 2018-06-07 17:31 EDT
Doc Type: Bug Fix
Clone Of:
: 1131229
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SECURITY-854 Major Resolved Fallback to FORM authentication when an invalid kerberos token is used 2018-02-07 18:19 EST

Description Derek Horton 2014-08-18 13:59:36 EDT
Description of problem:

Negotiation will not fall back to FORM authentication if the client has a Kerberos token from a different KDC than what JBoss is configured to use.
This results in the user getting presented with a 401 error and no way to log in.


Steps to Reproduce:

Get a token from a different KDC than what JBoss is configured to use. Hit a Negotiation protected endpoint. This will result in a 401.
With the patch applied, it is possible to fall back to form authentication.
Comment 2 JBoss JIRA Server 2014-08-18 14:08:36 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira SECURITY-854 to Resolved
Comment 3 Kabir Khan 2014-08-22 11:41:39 EDT
Should be fixed by component upgrade to negotiation 2.3.4 -> MODIFIED
Comment 4 Filip Bogyai 2014-09-19 07:44:23 EDT
Verified on EAP 6.4.0.DR1
