spring-projects-issues
commented
10 years ago André Schäfer said:
I implemented a modification of the SpnegoEntryPoint to forward to a login form for example: https://github.com/spring-projects/spring-security-kerberos/pull/4
André Schäfer (Migrated from SES-136) said:
Problem: Browsers that do not Support Kerberos Authentication receive and display an empty page when authentication response is provided by the SpnegoEntryPoint. This is behavior leaves the user without any information or option to proceed.
The Spring Security solution SEC-1406 with DelegatingAuthenticationEntryPoint requires information within the initial request to decide for a certain behavior. But is not able to create a fallback scenario if the browser doesn't support the authentication method.
One way to solve the problem is to perform a forward after the correct headers have been added to the response. This way it is possible to either provide usefull information in a kind of 401 error page or even present a login form to provide another authentication mechnism.