[security-dev] PicketLink IDM - Replace Default Credential Handler

Darran Lofthouse darran.lofthouse at jboss.com
Fri Jun 21 11:30:26 EDT 2013

Actually ignore this, it looks like I may be better off with a new 
CredentialHandler implementation and a complete set of new Credentials.

Darran Lofthouse.

On 21/06/13 16:02, Darran Lofthouse wrote:
> Investigating SASL integration with PicketLink IDM shows the Plain
> mechanism working fine with a fairly default set up - however as I am
> adding support for the Digest based mechanism I seem to need to be able
> to replace the default CredentialHandler for UsernamePasswordCredentials.
> On validating a request I don't believe that the code making use of the
> IDM should be aware of any of the storage details, so now I have users
> that could be stores with a plain text password or a pre-prepared ha1 hash.
> What I would like is to add one CredentialHandler that can handle
> requests to validate both plain text passwords and digest credentials
> and decide internally how to handle them based on which one is currently
> associated with the agent.
> My credential handler is registered as it allows me to add my new custom
> DigestPassword credential but it is not being used for the validation of
> a UsernamePasswordCredentials object.
> Is there anything else I need to do to disable the default implementation?
> Regards,
> Darran Lofthouse.
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev

More information about the security-dev mailing list