Details
- Bug
- Status: Closed
- Major
- Resolution: Duplicate
- 4.5
- None
- None
- RTC v6061, Apache v4.5
Description
This bug refers to a previous Apache bug https://issues.apache.org/jira/browse/HTTPCLIENT-1582 for the same token size issue.
We have a customer who reported the following related issue: the Integrated Windows Authentication in RTC clients (both Eclipse and Visual Studio) doesn't work when the user's token size is higher than 12288 bytes, because the Apache HTTP library used by RTC uses this hardcoded constant, which is too small.
The involved users are from the i-micro and i-method teams, and they are technical referents for the local and mainframe developers, respectively.
So they have access to a lot of data, which gives them a much bigger security token because it contains more information than that of a "normal" developer.
Potentially about a hundred users are impacted with this IWA problem.
We would therefore like to submit a pull request for your team.
Indeed, they found a solution, but it first needs to be fixed in Apache, and then the RTC/Foundation development team would deliver a final solution with that fix.
The patch does not modify the Sspi.MAX_TOKEN_SIZE constant in JNA.
It adds a change to org.apache.http.impl.auth.win.WindowsNegotiateScheme#getToken in order to either use the existing Sspi.MAX_TOKEN_SIZE constant or, when present, use the org.apache.http.maxKerberosTokenSize property instead.
This allows specifying for example "-Dorg.apache.http.maxKerberosTokenSize=32767" on the Java command line (or in eclipse.ini, scm.ini, etc.) in order to allocate a bigger buffer to fit the Kerberos token.
Thanks for your help.
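The buffer-size selection described above, as an added example that is not the attached patch or HttpClient's own code. The class name, the 65535 upper bound and the rule of never going below the default are assumptions made here; the property name and the 12288-byte default come from the report.

```java
public final class KerberosTokenBufferSize {
    // Stand-in for JNA's Sspi.MAX_TOKEN_SIZE (12288 per the report), so this runs without JNA.
    static final int DEFAULT_MAX_TOKEN_SIZE = 12288;
    // Property name as given in the report.
    static final String PROPERTY = "org.apache.http.maxKerberosTokenSize";
    // Assumed ceiling: keeps a typo from requesting a huge allocation on every handshake.
    static final int UPPER_BOUND = 65535;

    /** Returns the override when it is a sane integer, otherwise the built-in default. */
    static int resolveMaxTokenSize() {
        String raw = System.getProperty(PROPERTY);
        if (raw == null || raw.trim().isEmpty()) {
            return DEFAULT_MAX_TOKEN_SIZE;
        }
        try {
            int value = Integer.parseInt(raw.trim());
            // Assumed policy: an override may only enlarge the buffer, within the ceiling.
            if (value < DEFAULT_MAX_TOKEN_SIZE || value > UPPER_BOUND) {
                return DEFAULT_MAX_TOKEN_SIZE;
            }
            return value;
        } catch (NumberFormatException e) {
            // Malformed values such as "32k" fall back instead of failing authentication setup.
            return DEFAULT_MAX_TOKEN_SIZE;
        }
    }

    /** True when a token of the given length fits the buffer that would be allocated. */
    static boolean fits(int tokenLength) {
        return tokenLength <= resolveMaxTokenSize();
    }

    public static void main(String[] args) {
        int constructedTokenLength = 16000; // constructed sample: a token above 12288 bytes
        for (String setting : new String[] {null, "32767", "32k", "-1"}) {
            if (setting == null) {
                System.clearProperty(PROPERTY);
            } else {
                System.setProperty(PROPERTY, setting);
            }
            System.out.printf("property=%s buffer=%d tokenFits=%b%n",
                    setting, resolveMaxTokenSize(), fits(constructedTokenLength));
        }
    }
}
```

Only the "32767" setting lets the constructed 16000-byte token fit; the unset, malformed and negative settings all resolve to the 12288-byte default.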
Issue Links
- duplicates: HTTPCLIENT-1582 SSPI-based auth might fail if output token size is too small (Resolved)