Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8282293

Domain value for system property jdk.https.negotiate.cbt should be case-insensitive

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b15

      Backports

        Description

        I see the following issues with HTTPS Channel Binding support for Java GSS/Kerberos.

        1) The domain value in system property "jdk.https.negotiate.cbt=domain:<domains>" is CASE sensitive and looks for exact match.
        2) HTTP Client should quit early when "jdk.https.negotiate.cbt" refer an INVALID value. Ex: jdk.https.negotiate.cbt=Xyz. It fails with response code 401 after 20 attempts.
        3) HTTP Client should quit early when "jdk.https.negotiate.cbt=never" for a URL configured with EAP=REQUIRED. It fails with response code 401 after 20 attempts.
        4) HTTP Client should quit early when "jdk.https.negotiate.cbt=domain:<domains>" contain INVALID/INCORRECT domain names for a URL configured with EAP=REQUIRED. It fails with response code 401 after 20 attempts.
        5) When the system property "http.auth.preference" set to NTLM for a URL configured with EAP=REQUIRED, it fails. But, it pass with "http.auth.preference" set to Kerberos and Negotiate.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                ssahoo Sibabrata Sahoo
                Reporter:
                ssahoo Sibabrata Sahoo
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: