David Fischer added the comment:
With this patch, the AbstractBasicAuthHandler (and its subclasses) performs a
regex search on the amalgamated "www-authenticate" header for basic
authentication.
This fixes the case where you have an HTTP response of the form:
HTTP/1.1 401 Aut
David Fischer added the comment:
I think the key words in the RFC are "strongest auth-scheme it understands". I
think in an ideal world, the urllib2 opener (given its handlers) would see that
it doesn't understand the second auth-scheme and then see if it understands the
fir
David Fischer added the comment:
Perhaps I should have chosen my words more carefully. There are two
www-authenticate headers the single HTTP response.
--
___
Python tracker
<http://bugs.python.org/issue13
New submission from David Fischer :
I ran into an application that responded with two www-authenticate challenges
to an HTTP request. First, it sends a standard Basic authentication challenge
and then it also returns a www-authenticate header referencing another scheme.
This looks legal to
David Fischer added the comment:
I attached a diff of a fix for this bug. This may not be the ideal fix, but
hopefully it will give the developer who actually does resolve it a good start.
--
keywords: +patch
Added file: http://bugs.python.org/file16204/urllib2-3819.diff
David Fischer added the comment:
I believe this bug affects urllib2 when it talks to the corporate
single-sign-on solution Siteminder. Siteminder usually is installed as a web
server module. When a request is made to the server (origin server), Siteminder
issues a 302 redirect to a central
