[
https://issues.apache.org/jira/browse/HTTPCLIENT-1962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16744130#comment-16744130
]
Michael Osipov commented on HTTPCLIENT-1962:
--------------------------------------------
Please see HTTPCLIENT-1625. Consider it broken. It is also marked as
experimental and should not be used in production environments.
> WindowsNegotiateScheme incorrectly requires challenge in initial response
> -------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1962
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1962
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (Windows)
> Affects Versions: 5.0 Beta3
> Reporter: Volker Jung
> Priority: Major
>
> 'WindowsNegotiateScheme.processChallenge' requires the value of an
> AuthChallenge to be present on any invocation, as it requires the GSSAPI-Data
> to perform the authentication process.
> But the "WWW-Authenticate"-header of the initial "401 Unauthorized" response
> does not contain any GSSAPI-Data (see
> [RFC4559|https://tools.ietf.org/html/rfc4559#page-2], Section 4.1, first
> paragraph).
> 'WindowsNegotiateScheme.generateAuthResponse' correctly handles the initial
> case, as it does not require any challenge to be present.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
