Support clients which don't request mutual authentication

It's incorrect to require clients to require mutual authentication as a matter of policy from the server. Generate a response, and allow the clients to determine whether they should trust it.
twosigmajab · Dec 15, 2020 · a05e292 · a05e292
1 parent 2e28832
commit a05e292
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/wsgi_kerberos.py b/wsgi_kerberos.py
@@ -200,6 +200,11 @@ def custom_start_response(status, headers, exc_info=None):
                                                               server_token])))
                 return start_response(status, headers, exc_info)
             return self.application(environ, custom_start_response)
+        # If we get a a user, but no token, call the application but don't
+        # provide mutual authentication.
+        elif user:
+            environ['REMOTE_USER'] = user
+            return self.application(environ, start_response)
         elif server_token:
             # If we got a token, but no user, return a 401 with the token
             return self._unauthorized(environ, start_response, server_token)