Bug 1131229 - [GSS] (6.3.1) Fallback to FORM authentication when an invalid kerberos token is used
Summary: [GSS] (6.3.1) Fallback to FORM authentication when an invalid kerberos token ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR1
: EAP 6.3.1
Assignee: baranowb
QA Contact: Josef Cacek
Russell Dickenson
URL:
Whiteboard:
Depends On: 1131225
Blocks: eap631-blockers, eap631-payload, eap63-cp01-blockers 1131231 1133098
TreeView+ depends on / blocked
 
Reported: 2014-08-18 18:22 UTC by Derek Horton
Modified: 2018-12-06 17:47 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1131225
Environment:
Last Closed: 2014-10-13 18:36:46 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SECURITY-854 0 Major Resolved Fallback to FORM authentication when an invalid kerberos token is used 2015-06-17 11:05:49 UTC

Description Derek Horton 2014-08-18 18:22:46 UTC
+++ This bug was initially created as a clone of Bug #1131225 +++

Description of problem:

Negotiation will not fallback to FORM authentication if the client has a kerberos token from a different KDC than what JBoss is configured to use.
This results in the user getting presented with a 401 error and no way to login.


Steps to Reproduce:

Get a token from a different KDC than what JBoss is configured to use. Hit a Negotiation protected endpoint. This will result in a 401.
With the patch applied, it is possible to fallback to form authentication.

--- Additional comment from Derek Horton on 2014-08-18 14:01:11 EDT ---

PR:
https://github.com/wildfly-security/jboss-negotiation/pull/19

--- Additional comment from JBoss JIRA Server on 2014-08-18 14:08:36 EDT ---

Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-854 to Resolved

Comment 2 FIlip Bogyai 2014-09-02 07:39:05 UTC
Verified on EAP 6.3.1.CR1


Note You need to log in before you can comment on or make changes to this bug.