+++ This bug was initially created as a clone of Bug #1131225 +++ Description of problem: Negotiation will not fallback to FORM authentication if the client has a kerberos token from a different KDC than what JBoss is configured to use. This results in the user getting presented with a 401 error and no way to login. Steps to Reproduce: Get a token from a different KDC than what JBoss is configured to use. Hit a Negotiation protected endpoint. This will result in a 401. With the patch applied, it is possible to fallback to form authentication. --- Additional comment from Derek Horton on 2014-08-18 14:01:11 EDT --- PR: https://github.com/wildfly-security/jboss-negotiation/pull/19 --- Additional comment from JBoss JIRA Server on 2014-08-18 14:08:36 EDT --- Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-854 to Resolved
Verified on EAP 6.3.1.CR1