[AAA-15] aaa-authn is not providing correct response for http basic auth failure Created: 21/Sep/14 Updated: 21/Mar/19 Resolved: 22/Sep/14 |
|
| Status: | Resolved |
| Project: | aaa |
| Component/s: | General |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Ed Warnicke | Assignee: | Liem Nguyen |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 2009 |
| Description |
|
aaa-authn when doing http basic auth is not returning http header: WWW-Authenticate: Basic realm="insert realm" as required in the RFC: http://tools.ietf.org/html/rfc1945#section-10.16 Please also note useful info here: http://en.wikipedia.org/wiki/Basic_access_authentication |
| Comments |
| Comment by Ed Warnicke [ 21/Sep/14 ] |
|
So... we appear to be getting the WWW-Authenticate: Basic realm="insert realm" now, but basic auth itself is broken. Please try feature:install odl-aaa-authn odl-restconf odl-toaster and then from a browser hit the URL: http://localhost:8181/restconf/operational/toaster:toaster You should get prompted for a username and password, but admin admin will not be accepted. Likewise if you then try it from Postman sending: Authorization: Basic YWRtaW46YWRtaW4= (which previously had worked in the authn case) it will not work. |
| Comment by Liem Nguyen [ 22/Sep/14 ] |
|
This has been verified by Ed and me. |