Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-8059

Support for multiple authentication schemes via HTTP.

    XMLWordPrintableJSON

    Details

      Description

      As per RFC7230, HTTP authentication does support using multiple schemes in a single Authorization header. Our current implementations do not seem to support this; namely the libprocess basic authenticator does assume a single scheme.
      The above RFC also says explicitly that we must never have multiple Authorization headers in the same request but must combine them.
      RFC2617 then has additional information on how to properly react upon multiple authentication schemes (also via proxy auth).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tillt Till Toenshoff
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: