<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/05/13 16:50, Darran Lofthouse
wrote:<br>
</div>
<blockquote cite="mid:5180BB32.8060108@jboss.com" type="cite">
<pre wrap="">Here is another scenario I would like to verify.
So far from what I have seen regarding the Credentials stored by
PicketLink IDM my perception is that the stored Credential is very
closely related to the authentication mechanism that will be used.
So for a set-up where we know that Digest authentication is going to be
used we may store a couple of pre-prepared digests.
Is this stored Credential now available for username / plain text
password authentication i.e. Could a web application be deployed with
FORM auth and verify a credential with a plain text password even though
it is a prepared digest stored?</pre>
</blockquote>
<br>
Absolutely, the CredentialHandler is free to implement any logic you
want it to. The way it accesses the stored credential values is via
the CredentialStore [1] interface, which is an interface that an
IdentityStore may *optionally* implement if it wants to (both the
JPA and File based identity stores in PicketLink implement it, but
the LDAP store doesn't). So a CredentialHandler is free to query
whichever stored credential state it needs to. This means you could
use a combination of digest AND password based authentication in the
same application, and even for the same users; there would simply be
two separate CredentialHandlers which do the validation - one for
digests, one for passwords.<br>
<br>
<br>
[1]
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<a
href="https://github.com/picketlink/picketlink/blob/master/idm/api/src/main/java/org/picketlink/idm/spi/CredentialStore.java">https://github.com/picketlink/picketlink/blob/master/idm/api/src/main/java/org/picketlink/idm/spi/CredentialStore.java</a><br>
<br>
<blockquote cite="mid:5180BB32.8060108@jboss.com" type="cite">
<pre wrap="">
Regards,
Darran Lofthouse.
_______________________________________________
security-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:security-dev@lists.jboss.org">security-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/security-dev">https://lists.jboss.org/mailman/listinfo/security-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>