[
https://jira.jboss.org/browse/SECURITY-476?page=com.atlassian.jira.plugin...
]
Darran Lofthouse resolved SECURITY-476.
---------------------------------------
Resolution: Done
Added an option 'removeRealmFromPrincipal' to the SPNEGOLoginModule which when set
to true will cause the realm to be chopped off the username.
When this option is set to true login modules chained after the SPNEGOLoginModule may need
their configuration adjusted to work with a principal without the realm.
Allow return of user name without realm part for legacy applications
--------------------------------------------------------------------
Key: SECURITY-476
URL:
https://jira.jboss.org/browse/SECURITY-476
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Patch
Security Level: Public(Everyone can see)
Components: Negotiation
Reporter: Matthias Kopczynski
Assignee: Darran Lofthouse
Fix For: Negotiation_2.0.3.SP3, Negotiation_2.0.4.GA
Attachments: cutOffDomainPatch.patch
We have a legacy application which already uses authentication but cannot handle the
realm part of the principal name. To enable single sign on we have made the changes in
provided patch which allows to configure the module-option cutOffDomain for
SPNEGOLoginModule. If the username ends with the realm name configured in this option the
realm name is removed from the user name. This way the application gets the simpler name
in the HttpServletRequest. Principals not ending with this realm are left untouched.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira