spring-security-kerberos icon indicating copy to clipboard operation
spring-security-kerberos copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

SES-136: Option to provide content with WWW-Authentication:Negotiate Response of SpnegoEntryPoint

Open spring-projects-issues opened this issue 11 years ago • 1 comments
trafficstars

André Schäfer (Migrated from SES-136) said:

Problem: Browsers that do not Support Kerberos Authentication receive and display an empty page when authentication response is provided by the SpnegoEntryPoint. This is behavior leaves the user without any information or option to proceed.

The Spring Security solution SEC-1406 with DelegatingAuthenticationEntryPoint requires information within the initial request to decide for a certain behavior. But is not able to create a fallback scenario if the browser doesn't support the authentication method.

One way to solve the problem is to perform a forward after the correct headers have been added to the response. This way it is possible to either provide usefull information in a kind of 401 error page or even present a login form to provide another authentication mechnism.

spring-projects-issues avatar Jan 08 '14 01:01 spring-projects-issues

André Schäfer said:

I implemented a modification of the SpnegoEntryPoint to forward to a login form for example: https://github.com/spring-projects/spring-security-kerberos/pull/4

spring-projects-issues avatar Jan 08 '14 01:01 spring-projects-issues