[ https://issues.apache.org/jira/browse/HTTPCLIENT-1962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16744130#comment-16744130 ]
Michael Osipov commented on HTTPCLIENT-1962: -------------------------------------------- Please see HTTPCLIENT-1625. Consider it broken. It is also marked as experimental and should not be used in production environments. > WindowsNegotiateScheme incorrectly requires challenge in initial response > ------------------------------------------------------------------------- > > Key: HTTPCLIENT-1962 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1962 > Project: HttpComponents HttpClient > Issue Type: Bug > Components: HttpClient (Windows) > Affects Versions: 5.0 Beta3 > Reporter: Volker Jung > Priority: Major > > 'WindowsNegotiateScheme.processChallenge' requires the value of an > AuthChallenge to be present on any invocation, as it requires the GSSAPI-Data > to perform the authentication process. > But the "WWW-Authenticate"-header of the initial "401 Unauthorized" response > does not contain any GSSAPI-Data (see > [RFC4559|https://tools.ietf.org/html/rfc4559#page-2], Section 4.1, first > paragraph). > 'WindowsNegotiateScheme.generateAuthResponse' correctly handles the initial > case, as it does not require any challenge to be present. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org