ESP Pre-Authorization Excluded Directories + Basic auth information corruption

0

Hi, 

First I wish to say that this is not a problem for me as at the moment as I worked around it. However, I wanted to post this as this might be helpfull to others. 

I've noticed a problem with how ESP Pre-Authorization Excluded Directories handles Basic auth when the backend server also provides basic auth.

* I have root where I enable ESP form, I log in using user@domain.local 
* I set a Pre-Authorization Excluded Directorie as "/test/*"
* My backend server has basic auth enabled on /test/ and requires me to provide test / test to see the pages.

test steps:
I log in to the ESP form using user@domain.local
I go to /test/ 
The server provides me with a basic auth prompt. 
I enter test / test. 
The server receives user@domain.local and not the test user.

PS: Authentication is passed correctly if you do not log in the to ESP form first and just go to /test/

 

0 comments