[ http://issues.apache.org/jira/browse/GERONIMO-1616?page=all ] David Jencks reopened GERONIMO-1616: ------------------------------------
Correct solution for interoperability is to append @target during encode and remove it again during decode. Fixed in 1.1 branch in openejb rev 2641. > CSS GSSUP token encoding sets username to [EMAIL PROTECTED] but decoding does > not reverse that > -------------------------------------------------------------------------------------------- > > Key: GERONIMO-1616 > URL: http://issues.apache.org/jira/browse/GERONIMO-1616 > Project: Geronimo > Type: Bug > Security: public(Regular issues) > Components: OpenEJB, CORBA > Versions: 1.0 > Reporter: Aaron Mulder > Assignee: Aaron Mulder > Fix For: 1.2, 1.1 > > When a dynamic GSSUP client authenticates, the username sent to the server is > [EMAIL PROTECTED], but when the GSSUP server decodes the token, it takes the > whole string as the username, and therefore authentication from Geronimo to > Geronimo using dynamic GSSUP always fails. > Since there's a separate field in the GSSUP token for the domain name, I > assume the username should just be the username and not [EMAIL PROTECTED] -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira