[teiid-issues] [JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule
Ramesh Reddy (JIRA)
issues at jboss.org
Wed Nov 9 12:33:00 EST 2016
[ https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13319805#comment-13319805 ]
Ramesh Reddy commented on TEIID-4561:
-------------------------------------
In DelegationCredentialContext the subject already contains the GssCredential on the subject, in this case we need to inject the credential into Subject. OAuthCredential is Teiid's own, there are no standards on delegation scenarios that I know of. BTW the token is not available after web tier, it is OAuth2 access token. That is why I grabbed that in the web filter and passed it on. I made it such that if the OAuthCredential from web tier can be used to authenticate at data source layer this strategy will work.
> Deprecate the PassthroughIdentityLoginModule
> --------------------------------------------
>
> Key: TEIID-4561
> URL: https://issues.jboss.org/browse/TEIID-4561
> Project: Teiid
> Issue Type: Quality Risk
> Components: Server
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 9.2
>
>
> The delegation capability of the PassthroughIdentityLoginModule can be associated with the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of the KerberosLoginModule). Also the OAuthCredentialContext should be changed to use the Subject private credentials rather than a ThreadLocal.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the teiid-issues
mailing list