On 14/05/2015 21:11, Mark Thomas wrote: > On 29/03/2015 23:13, André Warnier wrote: >> David Marsh wrote: >>> I've tested all the following public JDKs >>> jdk-7u45-windows-i586.exe >>> jdk-7u65-windows-i586.exe >>> jdk-7u75-windows-i586.exe >>> jdk-8-windows-i586.exe >>> jdk-8u5-windows-i586.exe >>> jdk-8u11-windows-i586.exe >>> jdk-8u20-windows-i586.exe >>> jdk-8u25-windows-i586.exe >>> jdk-8u31-windows-i586.exe >>> jdk-8u40-windows-i586.exe <-- Only this one fails SPNEGO / Bad GSS Token >>> >>> Seems a recent "fix" must broken it. >> >> That is really great info. Thanks. > > As promised I have found some time to look into this. It appears that > this fix in 8u40 onwards broke SPNEGO. > > https://bugs.openjdk.java.net/browse/JDK-8048194 > > The fix that was applied wasn't the one suggested in the bug report. > > I've spent some time looking at the code but I haven't found a way > around this yet.
Good news (sort of). I have an *extremely* dirty hack that fixes this on my test instance by moving some of the data about in the token that the client sends. It works with 8u20 and 8u45. At the moment the hack is extremely fragile. I need to make it more robust and make it optional. I should be able to get that done tomorrow and have it included in the next Tomcat 8 release. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
