You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Anand Mazumdar (JIRA)" <ji...@apache.org> on 2017/02/02 19:16:51 UTC
[jira] [Updated] (MESOS-7053) Support multiple challenges for
WWW-Authencate http header.
[ https://issues.apache.org/jira/browse/MESOS-7053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anand Mazumdar updated MESOS-7053:
----------------------------------
Summary: Support multiple challenges for WWW-Authencate http header. (was: Support multiple challenges WWW-Authencate http heade.)
> Support multiple challenges for WWW-Authencate http header.
> -----------------------------------------------------------
>
> Key: MESOS-7053
> URL: https://issues.apache.org/jira/browse/MESOS-7053
> Project: Mesos
> Issue Type: Bug
> Components: libprocess
> Reporter: Gilbert Song
> Labels: authentication, http, libprocess
>
> According to RFC, duplicate http headers are not allowed:
> https://tools.ietf.org/html/rfc7230#section-3.2.2
> However, multiple headers can be appended as a comma separated list for one single header section. This is also true for multiple challenges in Www-Authenticate with a 401 Unauthorized response:
> https://tools.ietf.org/html/rfc2617#section-4.6
> We should support multiple challenges case and figure out which one is the strongest auth-scheme that we should go with.
> A simple proposal might be selecting an auth-scheme by defining a priority, e.g.,
> 1. Bearer
> 2. Basic
> ...
> For sure, more discussion is needed.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)