OpenSearch/x-pack/plugin/security
Albert Zaharovits e8763bad41
Let realms gracefully terminate the authN chain (#55623)
AuthN realms are ordered as a chain so that the credentials of a given
user are verified in succession. Upon the first successful verification,
the user is authenticated. Realms do however have the option to cut short
this iterative process, when the credentials don't verify and the user
cannot exist in any other realm. This mechanism is currently used by
the Reserved and the Kerberos realm.

This commit improves the early termination operation by allowing
realms to gracefully terminate authentication, as if the chain has been
tried out completely. Previously, early termination resulted in an
authentication error which varies the response body compared
to the failed authentication outcome where no realm could verify the
credentials successfully.

Reserved users are hence denied authentication in exactly the same
way as other users are when no realm can validate their credentials.
2020-05-05 10:11:49 +03:00
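The behaviour this commit message describes, as an added Python model that is not the project's Java code: a two-realm chain in which early termination either returns its own error body (before) or falls through to the same failure as an exhausted chain (after). The realm functions, sample users and response bodies are constructed placeholders.

```python
import hmac
from enum import Enum

class Outcome(Enum):
    SUCCESS = 1    # credentials verified by this realm
    CONTINUE = 2   # not verified here, later realms may still know the user
    TERMINATE = 3  # not verified, and the user cannot exist in any other realm

# Constructed sample credential stores (not real defaults).
RESERVED_USERS = {"elastic": "reserved-secret"}
NATIVE_USERS = {"alice": "alice-secret"}

def reserved_realm(user, password):
    if user not in RESERVED_USERS:
        return Outcome.CONTINUE
    ok = hmac.compare_digest(RESERVED_USERS[user].encode(), password.encode())
    # A reserved name with a bad password cannot be satisfied elsewhere.
    return Outcome.SUCCESS if ok else Outcome.TERMINATE

def native_realm(user, password):
    expected = NATIVE_USERS.get(user)
    if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
        return Outcome.SUCCESS
    return Outcome.CONTINUE

CHAIN = [reserved_realm, native_realm]

def authenticate(user, password, graceful=True, chain=CHAIN):
    """Return a (status, body) pair; the body strings are placeholders."""
    for realm in chain:
        outcome = realm(user, password)
        if outcome is Outcome.SUCCESS:
            return 200, {"authenticated": user}
        if outcome is Outcome.TERMINATE:
            if not graceful:
                # Earlier behaviour: a distinct error body for early termination.
                return 401, {"error": "PLACEHOLDER: terminated by realm"}
            break  # graceful: stop iterating, fall through to the common failure
    return 401, {"error": "PLACEHOLDER: no realm verified the credentials"}

def distinguishable(graceful):
    """True if a reserved user's failure differs from an unknown user's failure."""
    reserved_fail = authenticate("elastic", "wrong", graceful)
    unknown_fail = authenticate("nobody", "wrong", graceful)
    return reserved_fail != unknown_fail

if __name__ == "__main__":
    print("before:", distinguishable(False), "after:", distinguishable(True))
```

Comparing the two failure responses byte for byte, as `distinguishable` does, is also a usable regression check against a real deployment's 401 bodies.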
cli Fix certutil http for empty password with JDK 11 and lower (#55437) (#55565) 2020-04-22 15:03:10 +10:00
forbidden Add an OpenID Connect authentication realm (#40674) (#41178) 2019-04-15 12:41:16 +03:00
licenses Upgrade feature aware check usage of ASM to 7.3.1 (#54577) 2020-04-18 10:49:57 -04:00
qa Resolve anonymous roles and deduplicate roles during authentication (#53453) (#55995) 2020-04-30 17:34:14 +10:00
src Let realms gracefully terminate the authN chain (#55623) 2020-05-05 10:11:49 +03:00
build.gradle Upgrade feature aware check usage of ASM to 7.3.1 (#54577) 2020-04-18 10:49:57 -04:00