[HTTPCLIENT-1962] WindowsNegotiateScheme incorrectly requires challenge in initial response - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 5.0 Beta3
Fix Version/s: None
Component/s: HttpClient (Windows)
Labels:
- stuck
- volunteers-wanted

Description

'WindowsNegotiateScheme.processChallenge' requires the value of an AuthChallenge to be present on any invocation, as it requires the GSSAPI-Data to perform the authentication process.

But the "WWW-Authenticate"-header of the initial "401 Unauthorized" response does not contain any GSSAPI-Data (see RFC4559, Section 4.1, first paragraph).

'WindowsNegotiateScheme.generateAuthResponse' correctly handles the initial case, as it does not require any challenge to be present.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Volker Jung

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Jan/19 13:29

Updated:: 07/May/23 12:11

Resolved:: 07/May/23 12:11