GSSWEB PROTOCOL DESCRIPTION

This file describes the protocol used for GSSWeb authentication.

Note: All messages in the protocol are exchanged in
'application/x-www-form-urlencoded' format, and no newlines should be
inserted into the base64 output.

The client goes to //gss and does a POST containing:

    token:
    nonce:

The server will respond by sending a JSON response:

    {gssweb: { token= "", nonce= ""},
     application: { data: "", content-type: "", content-length: ""} }

The "gssweb" section in the response is used for the GSS exchange. If no
token was returned by the call to gss_accept_sec_context(), the "token"
value will be a zero-length string.

The "application" section contains the original server-side application or
web server response, which will contain an error response unless/until the
GSS exchange completes successfully.

Upon completion of the exchange (whether successful or not), the client can
use the application data to reconstruct the original response and pass it up
to the client-side application.
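
Added example (not part of the original file or of the GSSWeb code): one way a client could encode the POST body and parse the reply, in Python. It assumes the reply is well-formed JSON with quoted keys and that the server returns the nonce the client sent; the function names and sample values are made up for illustration.

```python
import base64
import hmac
import json
from urllib.parse import urlencode

# Constructed sample values, not taken from a real exchange.
SAMPLE_TOKEN = b"\xfb\xff\xfe\x01"   # base64 "+//+AQ==": has '+', '/' and '='
SAMPLE_NONCE = "n-12345"
SAMPLE_REPLY = json.dumps({
    "gssweb": {"token": "", "nonce": SAMPLE_NONCE},
    "application": {"data": "", "content-type": "text/html",
                    "content-length": "0"},
})


def build_request_body(gss_token: bytes, nonce: str) -> str:
    """Form-encode the POST fields 'token' and 'nonce'."""
    # b64encode emits one unbroken line; base64.encodebytes would insert a
    # newline every 76 characters, which the protocol forbids.
    token_b64 = base64.b64encode(gss_token).decode("ascii")
    # urlencode percent-escapes '+', '/' and '='. Sent raw, '+' would be
    # decoded as a space by the server's form parser and corrupt the token.
    return urlencode({"token": token_b64, "nonce": nonce})


def parse_response(raw: str, expected_nonce: str):
    """Return (gss_token or None, application section) from the reply."""
    msg = json.loads(raw)
    gss, app = msg["gssweb"], msg["application"]
    # Assumption: the reply carries the nonce the client sent.
    if not hmac.compare_digest(gss["nonce"].encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch")
    # A zero-length token means gss_accept_sec_context() returned none.
    # validate=True rejects newlines and any other non-base64 character.
    token = base64.b64decode(gss["token"], validate=True) if gss["token"] else None
    return token, app


if __name__ == "__main__":
    print(build_request_body(SAMPLE_TOKEN, SAMPLE_NONCE))
    print(parse_response(SAMPLE_REPLY, SAMPLE_NONCE))
```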