Bug 587145 - Add GSS-Negotiate support
If a "WWW-Authenticate: Negotiate" HTTP header is spotted libsoup will check if the host is on blacklist and the authentication fails if so. Otherwise the host is compared against a trusted URIs (if the trusted URIs list is not set all the HTTPS requests are trusted by default) and then processed. The trusted URIs list and blacklist are both created when a SoupNegotiateAuth is created. The trusted URIs list (blacklist) is parsed from the SOUP_GSSAPI_TRUSTED_URIS ( SOUP_GSSAPI_BLACKLIST_URIS) environment variable that expects the URIs be comma separated (e.g. "http://www.example.com,https://www.test.com:80"). Then the request is processed by the GSS library (the SPNEGO mechanism is used) which produces a token that is send back to the server in the next request. The reply is then again processed by the GSS library and the authentication succeeds by receiving the GSS_S_COMPLETE status or we continue negotiating when the GSS_S_CONTINUE_NEEDED is received. The SoupAuth ...
parent
595a20a0
Please register or sign in to comment