You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2017/10/06 16:31:00 UTC
[jira] [Created] (MESOS-8059) Support for multiple authentication
schemes via HTTP.
Till Toenshoff created MESOS-8059:
-------------------------------------
Summary: Support for multiple authentication schemes via HTTP.
Key: MESOS-8059
URL: https://issues.apache.org/jira/browse/MESOS-8059
Project: Mesos
Issue Type: Improvement
Components: libprocess
Reporter: Till Toenshoff
As per [RFC7230|https://tools.ietf.org/html/rfc7230#section-3.2.2], HTTP authentication does support using multiple schemes in a single {{Authorization}} header. Our current implementations do not seem to support this; namely the libprocess basic authenticator does assume a single scheme.
The above RFC also says explicitly that we must never have multiple {{Authorization}} headers in the same request but must combine them.
[RFC2617|http://www.ietf.org/rfc/rfc2617.txt] then has additional information on how to properly react upon multiple authentication schemes (also via proxy auth).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)