[
https://jira.jboss.org/jira/browse/SECURITY-126?page=com.atlassian.jira.p...
]
Darran Lofthouse resolved SECURITY-126.
---------------------------------------
Resolution: Rejected
Will re-open if issues identified, so far this approach is working.
Review username used in SPNEGOAuthenticator
-------------------------------------------
Key: SECURITY-126
URL:
https://jira.jboss.org/jira/browse/SECURITY-126
Project: JBoss Security and Identity Management
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Negotiation
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
The SPNEGOAuthenticator needs a username in order to be able to call
'authenticate', this username is also used as a unique identifier in the cache.
At the moment the session ID for the web application is used.
This is unique for the set of current sessions.
May cause issues if the ID was to be reused.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira