[ 
https://issues.apache.org/jira/browse/HTTPCLIENT-1712?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15595550#comment-15595550
 ] 

Larry McCay commented on HTTPCLIENT-1712:
-----------------------------------------

Hi [~olegk] - sorry for not being more clear about that. The issue is that when 
we try to connect to the backend server via SPNEGO and SSL is enabled, the 
SPN is incorrectly being represented as HTTPS/something@somerealm instead of 
HTTP/something@somerealm. Therefore, the Kerberos connection fails due to the 
expected SPN not being in the KDC.

As a result, our SSO functionality which is dependent on being able to protect 
the cookie over SSL cannot be used for UIs either.

See: https://issues.apache.org/jira/browse/KNOX-762 for more details.

> SPNego Authentication to HTTPS service
> --------------------------------------
>
>                 Key: HTTPCLIENT-1712
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1712
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient (classic)
>    Affects Versions: 4.5.1
>            Reporter: Georg Romstorfer
>            Priority: Minor
>         Attachments: GGSSchemeBase.patch
>
>
> When connecting with the HttpClient to a website through the HTTPS-Protocol, 
> SPNego Authentication does not work, because in the method 
> GGSSchemeBase#generateGSSToken the service name is hardcoded to HTTP.
> A workaround is to extend the class SPNegoScheme and override this method.
> To fix this, I think it would be best to get the protocol from the current 
> connection, but I don't know how to get the connection in this class, so I can't 
> provide a patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
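
The SPN mismatch described in the comment above, as an added example that is not part of the original message or of HttpClient's code. It uses only the JDK's JGSS API; the class name, the method names and the host backend.example.com are assumptions made for illustration.

```java
import java.net.URI;
import java.util.Locale;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;

public class SpnegoTargetName {
    // SPNEGO for web servers uses the "HTTP" service class for http:// and
    // https:// alike; enabling TLS does not change the principal in the KDC.
    static final String SERVICE_CLASS = "HTTP";

    /** Expected host-based service name, e.g. "HTTP@host" (scheme and port ignored). */
    static String expectedService(URI target) {
        return SERVICE_CLASS + "@" + host(target);
    }

    /** The defective derivation from the comment: service class copied from the scheme. */
    static String schemeDerivedService(URI target) {
        return target.getScheme().toUpperCase(Locale.ROOT) + "@" + host(target);
    }

    static String host(URI target) {
        if (target.getHost() == null) {
            throw new IllegalArgumentException("URL has no host: " + target);
        }
        return target.getHost().toLowerCase(Locale.ROOT);
    }

    /** GSS-API peer name for the security context; can need a working Kerberos config. */
    static GSSName targetName(URI target) throws GSSException {
        return GSSManager.getInstance()
                .createName(expectedService(target), GSSName.NT_HOSTBASED_SERVICE);
    }

    public static void main(String[] args) {
        // Constructed sample URLs; backend.example.com is a placeholder host.
        String[] urls = {"http://backend.example.com:8080/api", "https://backend.example.com:8443/api"};
        for (String url : urls) {
            URI uri = URI.create(url);
            System.out.println(url + "\n  scheme-derived: " + schemeDerivedService(uri)
                    + "\n  expected:       " + expectedService(uri));
            try {
                System.out.println("  GSS peer name:  " + targetName(uri));
            } catch (GSSException e) {
                System.out.println("  GSS peer name unavailable here: " + e.getMessage());
            }
        }
    }
}
```

For the https:// URL the scheme-derived name carries the HTTPS service class, which is the principal the comment reports as missing from the KDC.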
