问题
I have a Spring Boot + Spring Security + Waffle application which can authenticate very well if the pages are visited from Firefox. If I do the same from IE 11, the first authentication sequence performs correctly, but as soon as I try to click on a link, I get a 401 Unauthorized.
Comparing to what I see in Fiddler for IE 11 and Firefox, there's a difference, but I don't really know whether and how that affects this.
- Firefox: gets the 401, sends the request with the negotiate header, gets a 200 with a set-cookie, from that point only sends the cookie, no more negotiate headers.
- IE 11: gets the 401, send the request with the negotiate header, gets a 200 with a set cookie, from that point sends both the cookie and the negotiate header.
When IE fails, I get a response from a server like this:
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
WWW-Authenticate: Negotiate oYGzMIGwoAMKAQChCwYJKoZIgvcSAQICooGbBIGYYIGVBgkqhkiG9xIBAgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCAReibQRrZWTCe2Nr3idc1IKAkCjp1d4m1m26larECi8RzTmGrMZJ6L6TyD3RoQPt/BBgz2GoHvmaYG6tL53BV7f5ABGFTzzy8N4TG6cP2QyhN0Wr7ToanN43qMmsGkNO2QIvvR2cuG/zhznRUbqDgtg=
WWW-Authenticate: Negotiate oRUwE6ADCgEDoQwGCisGAQQBgjcCAgo=
Connection: keep-alive
Transfer-Encoding: chunked
Date: Sun, 17 Jul 2016 23:06:31 GMT
Proxy-Support: Session-Based-Authentication
I did the usual troubleshooting steps and configured IE properly; is there something that I could do to make this work in IE?
来源:https://stackoverflow.com/questions/38436566/spring-security-waffle-kerberos-authentication-fails-with-ie-11-in-firefox-w