Windows Negotiate (Kerberos) authentication not working inside an iFRAME
843810Feb 6 2008 — edited Feb 6 2008Hi guys,
Today I've tackled a peculiar phenomenon: NEGOTIATE authentication protocol (SPNEGO) is not working when accessed inside an iFRAME.
Problem Background
I have a JBoss server, with a web application installed, which I have developed.
I've also modified TagLab Support library and constructed an authentication scheme for the Negotiate protocol (a Tomcat Authenticator and a JBoss Login Module).
The Tomcat Authenticator is in charge of the NEGOTIATE hand-shake protocol: Sending the NEGOTIATE token in the WWW-Authenticate HTTP header, getting the "NEGOTIATE [token]", parsing and passing it on to the JBoss Login Module for authentication against the Active Directory.
Problem Description
When accessing the secured web-app normally : typing the JBoss host address, everything works out fine.
When accessing the same address but inside an iFRAME tag (<iframe src="host address">) nothing happens. More accurately:
1. JBoss sends the WWW-Authenticate: NEGOTIATE.
2. The browser is supposed send a request to the Active Directory, to get a Session Ticket for that service HTTP/host-address@REALM.NAME. The problem is that it's not doing so. It simply ignores it and pops a basic authentication dialog (Falls back to basic from some odd reason).
Anyone have any clue to solving that?