Skip to content
Commit 6a8826f0 authored by Guido Günther's avatar Guido Günther Committed by Tomas Popela
Browse files

Bug 587145 - Add GSS-Negotiate support 

If a "WWW-Authenticate: Negotiate" HTTP header is spotted libsoup will check if
the host is on blacklist and the authentication fails if so. Otherwise the host
is compared against a trusted URIs (if the trusted URIs list is not set all
the HTTPS requests are trusted by default) and then processed. The trusted URIs
list and blacklist are both created when a SoupNegotiateAuth is created. The
trusted URIs list (blacklist) is parsed from the SOUP_GSSAPI_TRUSTED_URIS (
SOUP_GSSAPI_BLACKLIST_URIS) environment variable that expects the URIs be comma
separated (e.g. "http://www.example.com,https://www.test.com:80"). Then the
request is processed by the GSS library (the SPNEGO mechanism is used) which
produces a token that is send back to the server in the next request. The reply
is then again processed by the GSS library and the authentication succeeds by
receiving the GSS_S_COMPLETE status or we continue negotiating when the
GSS_S_CONTINUE_NEEDED is received.

The SoupAuth ...
parent 595a20a0
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment