[security-dev] Undertow IDM

Anil Saldhana Anil.Saldhana at redhat.com
Wed Apr 24 17:48:40 EDT 2013


On 04/24/2013 04:45 PM, Shane Bryzak wrote:
> On 25/04/13 05:38, Pedro Igor Silva wrote:
>> I think PL IDM can supply most of the methods defined in the IdentityManager interface.
>>
>> Only not sure about some things related to password reset and account locking. Although the Credential API maintains the history of password updates and custom attributes can also be used. Not sure, but maybe we should have that in PL IDM, built-in support for password reset and account locking.
> We already provide support for account locking:
>
> user.setEnabled(false);
>
> As for password reset, I really think that it's an application-specific
> function.  It's really only a couple of lines of PLIDM code, the bulk of
> the work is building the user interface and action bean.
Yes - it is something the integrating application has to deal with for
password reset, password tries etc.  Sometimes the LDAP servers have
their own policies for reset, regular expression for format, number of
tries etc. before locking.
>
>> Regarding DIGEST authentication and the getPassword method, if using PL IDM this method is not necessary because we always store the HA1 value (MD5(username:realm:password)). So you only need to pass the provided password and it will be checked internally.
>>
>> Regards.
>> Pedro Igor
>>
>> ----- Original Message -----
>> From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
>> To: security-dev at lists.jboss.org
>> Sent: Wednesday, April 24, 2013 3:54:48 PM
>> Subject: [security-dev] Undertow IDM
>>
>> Hi all,
>> https://github.com/undertow-io/undertow/tree/master/core/src/main/java/io/undertow/security/idm
>>
>> I am wondering how we can use PicketLink IDM in Undertow.
>>
>> Regards,
>> Anil