[NXP-24792] Don't challenge clients with basic auth on api calls with invalid credentials - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Duplicate
Affects Version/s: 9.10, 10.1
Fix Version/s: None
Component/s: Rest API

Tags:
- NxPresales
- nbm
Backlog priority:
500

Description

The server responds with 401 and includes the header WWW-Authenticate: Basic realm="Nuxeo Automation"

When using webui and the session timeouts, this triggers the browser basic auth dialog which makes no sense if another authentication system is used (like SAML)

The same issue can also be observed in the new Adobe CC connector.

Attachments

Issue Links

duplicates

NXP-26843 Fix security not restricted enough when logging anew with a restricted user

Resolved

is related to

NXP-26208 Handle expired session in WebUI properly

Resolved

is required by

NXP-25021 Handle expired session in WebUI

Resolved

NXP-24864 Handle the HTTP 401 Unauthorized error gracefully

Resolved

Activity

People

Assignee:

Unassigned

Reporter:

Michaël Vachette

Participants:

Anahide Tchertchian, Lisa McIntyre, Michaël Vachette

Votes:

6 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Created:

2018-04-05 20:49

Updated:

2019-08-20 18:28

Resolved:

2019-03-25 11:07