Cross realm authentication doesn't work
---------------------------------------
Key: HTTPCLIENT-1067
URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1067
Project: HttpComponents HttpClient
Issue Type: Bug
Components: HttpClient
Affects Versions: 4.1 Final
Reporter: Gaurav Singhal
Cross realm authentication doesn't work because of incomplete server SPN passed
into GSS-API.
Class Name: NegotiateScheme
Line # 205 (GSSName serverName = manager.createName("HTTP/" + authServer,
null);)
This piece of code doesn't append the server realm while creating name. Because
of null server realm, jdk always append default realm by reading krb5.conf
file. but there can be case where server realm is different than default realm
configured in krb5.conf file.
Modified code:
----------------------------------------------------------------------------------------------------------------------------------------
String strServerName = Krb5Utility.mapDomainToRealm(authServer);
strServerName = strServerName == null ? "" : ("@" + strServerName);
GSSName serverName = manager.createName("HTTP/" + authServer + strServerName,
null);
----------------------------------------------------------------------------------------------------------------------------------------
Krb5Utility.mapDomainToRealm method code
----------------------------------------------------------------------------------------------------------------------------------------
public static String mapDomainToRealm(String name) {
String result = null;
try {
String subname = null;
Config c = Config.getInstance();
if ((result = c.getDefault(name, "domain_realm")) != null)
return result;
else {
for (int i = 1; i < name.length(); i++) {
// mapping could be .ibm.com = AUSTIN.IBM.COM
if ((name.charAt(i) == '.') && (i !=
name.length() - 1)) {
subname = name.substring(i);
result = c.getDefault(subname,
"domain_realm");
if (result != null) {
break;
} else {
// or mapping could be ibm.com
= AUSTIN.IBM.COM
subname = name.substring(i + 1);
result = c.getDefault(subname,
"domain_realm");
if (result != null) {
break;
}
}
}
}
}
} catch (KrbException e) {
}
return result;
}
----------------------------------------------------------------------------------------------------------------------------------------
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
