Folks,

We have had our new CAS 3.5.0 in production since yesterday, and a little problem arose with the Iron browser (http://www.srware.net) on a computer outside our Active Directory domain:

- first visit to a cassified application throws a 401 status with a Negotiate query from CAS: OK
- Iron prompts for a login/password (browser issue I think), one provides some random user/password and validates
- CAS shows the login form as expected... but with a 401 status code (??) instead of the expected 200.
- Iron triggers a new login/password prompt, and the user has to cancel it to fill in the CAS login form.

The class involved is org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction, lines 116-119:

    if (spnegoCredentials.getPrincipal() == null) {
        logger.debug("Setting HTTP Status to 401");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

I've tested on my dev server with these lines commented out and I get, as expected, a 200 status code with the CAS login page. We're using only Kerberos auth, not NTLM.

Note: Firefox & MSIE show the CAS login form although the 401 status code was sent by CAS.

Regards.

--
Philippe MARASSE
Service Informatique - Centre Hospitalier Henri Laborit
BP 587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19