Archive for February 1st, 2011

Troubleshooting HTTP Simple and Protected Negotiation Mechanism

February 1st, 2011

Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)

1. A client requests (HTTP GET) a page from a server;
2. The server returns HTTP code 401 along with a header: “WWW-Authenticate: Negotiate” (Authentication Required, and we can negotiate);
3. The client then re-sends the request (HTTP GET), this time with an authorisation header (“Authorization: Negotiate ”) carrying three “MechTypes” (for example MS Kerberos 5, Kerberos 5 and NTLMSSP);
4. The server authenticates the client using one of the MechTypes (for example, the “supportedMech” chosen by an IIS server may be MS Kerberos 5), returning an HTTP 200 (OK) along with the last authenticate header plus the data requested.
