From 7e1a6dba1a403247d62524027e87a66015550b26 Mon Sep 17 00:00:00 2001 From: Margaret Wasserman Date: Fri, 5 Sep 2014 06:52:29 -0400 Subject: [PATCH] Update the protocol description to match current code and include additonal detaisl about encoding, etc. --- protocol.txt | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/protocol.txt b/protocol.txt index 41a602d..be39e17 100644 --- a/protocol.txt +++ b/protocol.txt @@ -1,24 +1,34 @@ GSSWEB PROTOCOL DESCRIPTION -This file describes the protocol used for GSSWeb authentication. +This file describes the protocol used for GSSWeb authentication. + +Note: All messages in the protocol are exchanged in +'application/x-www-form-urlencoded' format, and no newlines should be +inserted into the base64 output. The client goes to //gss and does a POST containing: token: -nonce: +nonce: The server will respond by sending a JSON response: {gssweb: { - token= "", + token= "", nonce= ""}, application: { - data: "", + data: "", content-type: "", content-length: ""} } -The "gssweb" section in the response is used for the GSS exchange. -Upon completion of the GSS exchange, the "application" section is used -by the client to reconstruct the application response upon completion -of the GSS exchange. +The "gssweb" section in the response is used for the GSS exchange. If +no token was returned by the call to gss_accept_sec_context(), the +"token" value will be a zero-length string. + +The "application" section contains the original server-side +application or web server response, which will contain an error +response unless/until the GSS exchange completes successfully. Upon +completion of the exchange (whether successful or not), the client can +use the application data to reconstruct the original response and pass +it up to the client-side application. -- 2.1.4
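Review bot: The note added at the top of the hunk says all messages are exchanged in 'application/x-www-form-urlencoded' format, but the server response described a few lines below is JSON, so the note should be scoped to the client POST, or the response format should be stated separately. The note also does not say which fields carry base64. Naming them would help, as would a sentence that the base64 characters '+', '/' and '=' must be percent-encoded in the form body, since a bare '+' is decoded as a space and would corrupt the value. In the JSON example, the touched line `token= "",` and the `nonce= ""},` line after it still use '=' where JSON needs ':', and the keys are unquoted, so the example response is not valid JSON as written. Since the token line is being changed anyway, this is a good place to correct both.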