+++ This bug was initially created as a clone of Bug #1131225 +++
Description of problem:
Negotiation will not fallback to FORM authentication if the client has a kerberos token from a different KDC than what JBoss is configured to use.
This results in the user getting presented with a 401 error and no way to login.
Steps to Reproduce:
Get a token from a different KDC than what JBoss is configured to use. Hit a Negotiation protected endpoint. This will result in a 401.
With the patch applied, it is possible to fallback to form authentication.
--- Additional comment from Derek Horton on 2014-08-18 14:01:11 EDT ---
--- Additional comment from JBoss JIRA Server on 2014-08-18 14:08:36 EDT ---
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-854 to Resolved
Verified on EAP 6.3.1.CR1