WWW-Authenticate in 200 OK response

Nica, George gheorghe.nica at baml.com
Fri Sep 14 20:59:16 UTC 2018


I am currently working on a multi-tier application, trying to use nginx as load balancer.
The issue is that nginx seems to be adding WWW-Authenticate in the 200 OK response after the Kerberos authentication has taken place, which confuses the client. (The client could potentially ignore it, but that's possibly another issue.)
Not sure this is expected... Any suggestion on how to avoid or work around this?

[2018-09-14 14:46:14.471] root INFO: @@@@@@ Connecting to: 'http://host1:39609/url1'
send: 'GET /url1 HTTP/1.1\r\nX-Client-User-Name: uname1\r\nAccept-Encoding: gzip\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: qz.qzdev.run\r\nHost: host1:39609\r\nX-Client-Host-Name: host2\r\nContent-Type: application/json\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Server: nginx/1.14.0
header: Date: Fri, 14 Sep 2018 18:46:14 GMT
header: Content-Type: text/html
header: Content-Length: 195
header: Connection: close
header: WWW-Authenticate: Negotiate
header: WWW-Authenticate: Basic realm=""
header: Access-Control-Allow-Credentials: true
send: 'GET /url1 HTTP/1.1\r\nX-Client-User-Name: uname1\r\nAccept-Encoding: gzip\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: qz.qzdev.run\r\nHost: host1:39609\r\nX-Client-Host-Name: host2\r\nContent-Type: application/json\r\nAuthorization: Negotiate YII........................ AghEw==\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: nginx/1.14.0
header: Date: Fri, 14 Sep 2018 18:46:14 GMT
header: Content-Type: application/json
header: Content-Length: 430908
header: Connection: close
header: WWW-Authenticate: Negotiate YI .....gA==
header: WWW-Authenticate: Basic realm=""
header: Set-Cookie: session=ey...ZW4; HttpOnly; Path=/
header: Access-Control-Allow-Credentials: true
[2018-09-14 14:46:14.779] client_http_auth CRITICAL: GSSAPI failed!

Best regards,
George

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180914/98022deb/attachment.html>


More information about the nginx mailing list