Setup sticky session for Kerberos and NTLM HTTP Authentication #392
When server responds with `WWW-Authenticate: Negotiate`, save VCAP_ID cookie on response to client so that subsequent request with `Authorization: Negotiate ...` will be directed to the same application instance. See [RFC-4559](https://www.ietf.org/rfc/rfc4559.txt)

Signed-off-by: Josh Russett <[email protected]>
Can you please explain why the same behaviour cannot be achieved by having the server set the configured sticky session cookie (e.g. |
With NTLM + Kerberos based Integrated Windows Authentication, the authentication logic happens at a core library level for .Net, rather than something the application can control. No cookies can be set until after the auth has been successful. Sticky session cookies work great after the fact, but unfortunately not for IWA.
Signed-off-by: Geoff Franks <[email protected]>
Signed-off-by: Maria Shaldybin <[email protected]>
@mariash thanks for the fixes. The entire session handling will eventually have to move to its own middleware, I really don't like it in round tripper. I will accept the changes for now, with a major refactor of the session logic on my mind.
@domdom82 |
thanks @geofffranks !
When server responds with `WWW-Authenticate: Negotiate`, save VCAP_ID cookie on response to client so that subsequent request with `Authorization: Negotiate ...` will be directed to the same application instance. See RFC-4559

- I have viewed, signed, and have submitted the Contributor License Agreement
- I have made this pull request to the `main` branch
- I have run all the unit tests.
- (Optional) I have run Routing Acceptance Tests and Routing Smoke Tests
- (Optional) I have run CF Acceptance Tests
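
A sketch of the behaviour this pull request describes, added here as an illustration; it is not gorouter's code. Apart from the `VCAP_ID` cookie name and the two header values, every name in it (`pinOnChallenge`, `pickInstance`, the `app-N` instance ids, `app.example`) is hypothetical, and the check of the client-supplied cookie against the live instance set is an addition beyond what the description states.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

const stickyCookie = "VCAP_ID" // name from the PR; all other names are hypothetical

// isNegotiateChallenge reports whether a backend response carries the RFC 4559
// "WWW-Authenticate: Negotiate" challenge (the scheme may be followed by a token).
func isNegotiateChallenge(resp *http.Response) bool {
	for _, v := range resp.Header.Values("WWW-Authenticate") {
		if f := strings.Fields(v); len(f) > 0 && strings.EqualFold(f[0], "Negotiate") {
			return true
		}
	}
	return false
}

// pinOnChallenge adds the sticky cookie to a Negotiate challenge so the client's
// follow-up "Authorization: Negotiate ..." request can reach the same instance.
func pinOnChallenge(resp *http.Response, instanceID string, secure bool) bool {
	if !isNegotiateChallenge(resp) {
		return false
	}
	c := &http.Cookie{Name: stickyCookie, Value: instanceID, Path: "/", HttpOnly: true, Secure: secure}
	resp.Header.Add("Set-Cookie", c.String())
	return true
}

// pickInstance honours the cookie only when it names a live instance, because the
// value is client-controlled; anything else falls back to normal balancing.
func pickInstance(req *http.Request, live map[string]bool, fallback string) string {
	if c, err := req.Cookie(stickyCookie); err == nil && live[c.Value] {
		return c.Value
	}
	return fallback
}

func main() {
	// Constructed exchange: instance "app-1" challenges, the client retries with the cookie.
	resp := &http.Response{Header: http.Header{"Www-Authenticate": {"Negotiate"}}}
	pinned := pinOnChallenge(resp, "app-1", true)
	req, _ := http.NewRequest("GET", "https://app.example/", nil)
	req.Header.Set("Cookie", stickyCookie+"=app-1")
	fmt.Println(pinned, pickInstance(req, map[string]bool{"app-0": true, "app-1": true}, "app-0"))
}
```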