hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1712) SPNego Authentication to HTTPS service
Date Fri, 21 Oct 2016 16:12:58 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15595550#comment-15595550
] 

Larry McCay commented on HTTPCLIENT-1712:
-----------------------------------------

Hi [~olegk] - sorry for not being more clear about that. The issue is that when we try and
connect to the backend server via SPNEGO and SSL is enabled that the SPN is incorrectly being
represented as HTTPS/something@somerealm instead of HTTP/something@somerealm. Therefore, the
kerberos connection fails due to the expected SPN not being in the KDC.

As a result, our SSO functionality which is dependent on being able to protect the cookie
over SSL cannot be used for UIs either.

See: https://issues.apache.org/jira/browse/KNOX-762 for more details.

> SPNego Authentication to HTTPS service
> --------------------------------------
>
>                 Key: HTTPCLIENT-1712
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1712
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.1
>            Reporter: Georg Romstorfer
>            Priority: Minor
>         Attachments: GGSSchemeBase.patch
>
>
> When connecting with the HttpClient to a website through the HTTPS-Protocol, SPNego Authentication
does not work, because in the method GGSSchemeBase#generateGSSToken is the service name hardcoded
to HTTP.
> A workaround is to extend the class SPNegoScheme and override this method.
> To fix this, I think it would be best to get the protocol from the current connection,
but I don't how to get the connection in this class, so I can't provide a patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message