yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1153719] Re: 401 responses do not include WWW-Authenticate header

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 04 Dec 2013 09:29:39 -0000
Reply-to: Bug 1153719 <1153719@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => icehouse-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1153719

Title:
  401 responses do not include WWW-Authenticate header

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  When an HTTP 1.1 server responds with 401 status code, it MUST include
  a WWW-Authenticate header. Keystone is not including the WWW-
  Authenticate header when it responds with 401.

  See http://tools.ietf.org/html/rfc2616#section-10.4.2

  $ curl -i http://localhost:5000/v3/projects ; echo
  HTTP/1.1 401 Not Authorized
  Vary: X-Auth-Token
  Content-Type: application/json
  Content-Length: 116
  Date: Mon, 11 Mar 2013 18:35:57 GMT

  {"error": {"message": "The request you have made requires
  authentication.", "code": 401, "title": "Not Authorized"}}

  
  The server should have included WWW-Authenticate in the response. I don't know what it should be set to, but according to the HTTP 1.1 RFC, it has to be set to something.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1153719/+subscriptions