You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2017/10/06 16:31:00 UTC

[jira] [Created] (MESOS-8059) Support for multiple authentication schemes via HTTP.

Till Toenshoff created MESOS-8059:
-------------------------------------

             Summary: Support for multiple authentication schemes via HTTP. 
                 Key: MESOS-8059
                 URL: https://issues.apache.org/jira/browse/MESOS-8059
             Project: Mesos
          Issue Type: Improvement
          Components: libprocess
            Reporter: Till Toenshoff


As per [RFC7230|https://tools.ietf.org/html/rfc7230#section-3.2.2], HTTP authentication does support using multiple schemes in a single {{Authorization}} header. Our current implementations do not seem to support this; namely the libprocess basic authenticator does assume a single scheme.
The above RFC also says explicitly that we must never have multiple {{Authorization}} headers in the same request but must combine them.
[RFC2617|http://www.ietf.org/rfc/rfc2617.txt] then has additional information on how to properly react upon multiple authentication schemes (also via proxy auth).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)