Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8282293

Domain value for system property jdk.https.negotiate.cbt should be case-insensitive

    XMLWordPrintable

Details

    • b15
    • Verified

    Backports

      Description

        I see the following issues with HTTPS Channel Binding support for Java GSS/Kerberos.

        1) The domain value in system property "jdk.https.negotiate.cbt=domain:<domains>" is CASE sensitive and looks for exact match.
        2) HTTP Client should quit early when "jdk.https.negotiate.cbt" refer an INVALID value. Ex: jdk.https.negotiate.cbt=Xyz. It fails with response code 401 after 20 attempts.
        3) HTTP Client should quit early when "jdk.https.negotiate.cbt=never" for a URL configured with EAP=REQUIRED. It fails with response code 401 after 20 attempts.
        4) HTTP Client should quit early when "jdk.https.negotiate.cbt=domain:<domains>" contain INVALID/INCORRECT domain names for a URL configured with EAP=REQUIRED. It fails with response code 401 after 20 attempts.
        5) When the system property "http.auth.preference" set to NTLM for a URL configured with EAP=REQUIRED, it fails. But, it pass with "http.auth.preference" set to Kerberos and Negotiate.

        Attachments

          Issue Links

            Activity

              People

                ssahoo Sibabrata Sahoo
                ssahoo Sibabrata Sahoo
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: