
List:       httpclient-commons-dev
Subject:    [jira] [Closed] (HTTPCLIENT-2162) SSPI-based auth might fail if output token size is too small
From:       "Michael Osipov (Jira)" <jira () apache ! org>
Date:       2021-06-12 10:27:00
Message-ID: JIRA.13383409.1623413810000.592320.1623493620108 () Atlassian ! JIRA


     [ https://issues.apache.org/jira/browse/HTTPCLIENT-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Osipov closed HTTPCLIENT-2162.
--------------------------------------
    Resolution: Duplicate

> SSPI-based auth might fail if output token size is too small
> ------------------------------------------------------------
> 
> Key: HTTPCLIENT-2162
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2162
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.5
> Environment: RTC v6061
> Apache v4.5
> Reporter: Balouin
> Priority: Major
> 
> This bug refers to a previous Apache bug
> https://issues.apache.org/jira/browse/HTTPCLIENT-1582 for the same token size
> issue. We have a customer who reported the following related issue: The Integrated
> Windows Authentication in RTC clients (both Eclipse and Visual Studio) doesn't work
> when the user's token size is higher than 12288 bytes, because the Apache HTTP
> library used by RTC uses this hardcoded constant that is too small.
> The involved users are from i-micro and i-method teams and they are
> technical referents for the developers respectively local and mainframe.
> So they have access to a lot of data, which gives them a much bigger
> security token because it contains more information than a "normal"
> developer. Potentially about a hundred users
> are impacted with this IWA problem.
> We would therefore like to submit a pull request for your team.
> Indeed they found a solution, but it first needs to be fixed in Apache and then,
> the RTC/Foundation development team would deliver a final solution with that fix.
> The patch does not modify the Sspi.MAX_TOKEN_SIZE constant in JNA. It adds a change
> to org.apache.http.impl.auth.win.WindowsNegotiateScheme#getToken in order to
> either use the existing Sspi.MAX_TOKEN_SIZE constant or, when present, use instead
> the org.apache.http.maxKerberosTokenSize property. This allows specifying for
> example "-Dorg.apache.http.maxKerberosTokenSize=32767" on the Java command line (or
> in eclipse.ini, scm.ini, etc.) in order to allocate a bigger buffer to fit the
> Kerberos token. Thanks for your help.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
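
The property-or-constant fallback described in the report, as an added example that is not the submitted patch or HttpClient code. The class name, the `resolve` helper and the 65535 ceiling are assumptions of this example; the property name and the 12288 default are taken from the report, and the validation (malformed, too-small and oversized values) goes beyond what the report describes.

```java
import java.util.Properties;

public final class KerberosTokenBufferSize {
    // Property name as given in the report.
    static final String PROPERTY = "org.apache.http.maxKerberosTokenSize";
    // Stand-in for JNA's Sspi.MAX_TOKEN_SIZE; 12288 is the value the report cites.
    static final int DEFAULT_MAX_TOKEN_SIZE = 12288;
    // Assumed ceiling for this example, so a typo cannot request a huge buffer.
    static final int CEILING = 65535;

    /** Returns the output-token buffer size to allocate for the SSPI call. */
    static int resolve(Properties props) {
        String raw = props.getProperty(PROPERTY);
        if (raw == null || raw.trim().isEmpty()) {
            return DEFAULT_MAX_TOKEN_SIZE;      // property absent: existing behaviour
        }
        final int requested;
        try {
            requested = Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            return DEFAULT_MAX_TOKEN_SIZE;      // malformed value: keep the default
        }
        if (requested < DEFAULT_MAX_TOKEN_SIZE) {
            return DEFAULT_MAX_TOKEN_SIZE;      // never shrink below the default
        }
        return Math.min(requested, CEILING);    // clamp oversized requests
    }

    public static void main(String[] args) {
        // Constructed sample values: absent, the report's example, and three bad inputs.
        String[] samples = {null, "32767", "abc", "-1", "1000000"};
        for (String s : samples) {
            Properties p = new Properties();
            if (s != null) {
                p.setProperty(PROPERTY, s);
            }
            System.out.println(s + " -> " + resolve(p));
        }
        // Value that would apply to this JVM, e.g. when started with -D<PROPERTY>=32767.
        System.out.println("effective: " + resolve(System.getProperties()));
    }
}
```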

