October 2010 - jboss-jira - Jboss List Archives

[JBoss JIRA] Created: (SECURITY-131) WS-Kerberos

by Darran Lofthouse (JIRA)

WS-Kerberos ----------- Key: SECURITY-131 URL: http://jira.jboss.com/jira/browse/SECURITY-131 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assigned To: Darran Lofthouse Both incomming and outbound. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

2
8
0 / 0

[JBoss JIRA] Created: (SECURITY-270) NTLM Authentication

by Darran Lofthouse (JIRA)

NTLM Authentication ------------------- Key: SECURITY-270 URL: https://jira.jboss.org/jira/browse/SECURITY-270 Project: JBoss Security and Identity Management Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 2.0.3.CR1 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

3
7
0 / 0

[JBoss JIRA] Created: (SECURITY-267) Review any MIC verification is being performed as required.

by Darran Lofthouse (JIRA)

Review any MIC verification is being performed as required. ----------------------------------------------------------- Key: SECURITY-267 URL: https://jira.jboss.org/jira/browse/SECURITY-267 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assignee: Anil Saldhana -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
7
0 / 0

[JBoss JIRA] Created: (SECURITY-255) IdentityLoginModule Incomplete password-stacking useFirstPass implementation

by Darran Lofthouse (JIRA)

IdentityLoginModule Incomplete password-stacking useFirstPass implementation ---------------------------------------------------------------------------- Key: SECURITY-255 URL: http://jira.jboss.com/jira/browse/SECURITY-255 Project: JBoss Security and Identity Management Issue Type: Bug Security Level: Public (Everyone can see) Components: JBossSX Affects Versions: 2.0.2.CR6 Reporter: Darran Lofthouse Assigned To: Darran Lofthouse Fix For: 2.0.3.Beta2 The IdentityLoginModule has got an incomplete useFirstPass implementation. The login() method does start with: - if( super.login() == true ) return true; To skip login if useFirstPass is set and authentication has already occurred. However at the end of login() setting the principal in the shared state map should only happen if useFirstPass was set. Also for this to work a credential also needs to be stored in the sharedStateMap otherwise other modules will assume authentication has not occurred. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

2
7
0 / 0

[JBoss JIRA] Created: (SECURITY-155) Support Microsoft PAC for role identification

by Darran Lofthouse (JIRA)

Support Microsoft PAC for role identification --------------------------------------------- Key: SECURITY-155 URL: http://jira.jboss.com/jira/browse/SECURITY-155 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assigned To: Darran Lofthouse Fix For: 2.0.2.GA http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/h... -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
7
0 / 0

[JBoss JIRA] Created: (SECURITY-147) Java 6 - Native SPNEGO Support

by Darran Lofthouse (JIRA)

Java 6 - Native SPNEGO Support ------------------------------ Key: SECURITY-147 URL: http://jira.jboss.com/jira/browse/SECURITY-147 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assigned To: Darran Lofthouse -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
7
0 / 0

[JBoss JIRA] Created: (SECURITY-146) Convert ReqFlas in NegTokenInit to meaningful values.

by Darran Lofthouse (JIRA)

Convert ReqFlas in NegTokenInit to meaningful values. ----------------------------------------------------- Key: SECURITY-146 URL: http://jira.jboss.com/jira/browse/SECURITY-146 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assigned To: Darran Lofthouse Also update BasicNegotiation servlet to display them. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
9
0 / 0

[JBoss JIRA] Created: (SECURITY-448) Fallback to BASIC authenticator if authentication fails

by Jacob Orshalick (JIRA)

Fallback to BASIC authenticator if authentication fails ------------------------------------------------------- Key: SECURITY-448 URL: https://jira.jboss.org/jira/browse/SECURITY-448 Project: JBoss Security and Identity Management Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Negotiation Reporter: Jacob Orshalick Assignee: Darran Lofthouse This issue is related to SECURITY-141, but is a request to allow fallback to BASIC authentication where SPNEGO is not supported. As a side effect this should also allow username/password authentication where SPNEGO did not take place. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

5
20
0 / 0

[JBoss JIRA] Created: (SECURITY-352) Cache Server Subject

by Darran Lofthouse (JIRA)

Cache Server Subject -------------------- Key: SECURITY-352 URL: https://jira.jboss.org/jira/browse/SECURITY-352 Project: JBoss Security and Identity Management Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: Negotiation_2.0.4.GA Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue) One request for each of the SPNEGO round trips and then one request for the LDAP search. Attempts to make use of a local ticket cache failed: -  As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO. <module-option name="storeKey">true</module-option> A mechanism to cache the server subject is needed. The expiration time of the ticket can be obtained to decide how long to cache the ticket for: - Set<Object> privateCredentials = serverSubject.getPrivateCredentials(); for (Object current : privateCredentials) { if (current instanceof KerberosTicket) { KerberosTicket ticket = (KerberosTicket) current; System.out.println(ticket.getEndTime()); } } -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
4
0 / 0

[JBoss JIRA] Created: (SECURITY-357) Add Active Directory Debugging to User Guide

by Darran Lofthouse (JIRA)

Add Active Directory Debugging to User Guide -------------------------------------------- Key: SECURITY-357 URL: https://jira.jboss.org/jira/browse/SECURITY-357 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Affects Versions: Negotiation_2.0.3.GA Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: Negotiation_2.0.4.GA Reference the following article which describes how to add additional event logging: - http://support.microsoft.com/default.aspx?scid=kb;en-us;314980&sd=tech -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years, 1 month

1
5
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2010