Details
-
Bug
-
Resolution: Tracked Elsewhere
-
Low
-
None
-
None
-
None
Description
Steps to Reproduce
Given Crowd 2.2.7 + mod_authnz_crowd-2.0.2.tar.gz + Apache 2
1. Set up a generic application connected to 1 directory with allow all to authenticate = false.
2. Create a simple group in directory, no members in this group.
3. Configure application to only allow this group to authenticate to application.
4. Use any user that is in the directory to authenticate to apache.
Expected behavior:
Crowd should return 403 forbidden- Authentication passed, but not allowed.
Actual behavior:
Crowd returns 500 Internal Server Error.
From Crowd log:
2011-08-11 09:42:25,974 http-6095-8 DEBUG [crowd.manager.application.ApplicationServiceGeneric] User does not have access to application 'foo' as the directory is not allow all to authenticate and the user is not a member of any of the authorised groups
From Apache Log:
[Thu Aug 11 09:42:24 2011] [error] [client 192.168.15.79] Unexpected status code: 403 [Thu Aug 11 09:42:24 2011] [crit] [client 192.168.15.79] Crowd authentication failed due to system exception (END)
Attachments
Issue Links
- was cloned as
-
CWDAPACHE-31 Loading...