October 2012 - jboss-jira - Jboss List Archives

[JBoss JIRA] Created: (SECURITY-267) Review any MIC verification is being performed as required.

by Darran Lofthouse (JIRA)

Review any MIC verification is being performed as required. ----------------------------------------------------------- Key: SECURITY-267 URL: https://jira.jboss.org/jira/browse/SECURITY-267 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assignee: Anil Saldhana -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

1
7
0 / 0

[JBoss JIRA] Created: (SECURITY-255) IdentityLoginModule Incomplete password-stacking useFirstPass implementation

by Darran Lofthouse (JIRA)

IdentityLoginModule Incomplete password-stacking useFirstPass implementation ---------------------------------------------------------------------------- Key: SECURITY-255 URL: http://jira.jboss.com/jira/browse/SECURITY-255 Project: JBoss Security and Identity Management Issue Type: Bug Security Level: Public (Everyone can see) Components: JBossSX Affects Versions: 2.0.2.CR6 Reporter: Darran Lofthouse Assigned To: Darran Lofthouse Fix For: 2.0.3.Beta2 The IdentityLoginModule has got an incomplete useFirstPass implementation. The login() method does start with: - if( super.login() == true ) return true; To skip login if useFirstPass is set and authentication has already occurred. However at the end of login() setting the principal in the shared state map should only happen if useFirstPass was set. Also for this to work a credential also needs to be stored in the sharedStateMap otherwise other modules will assume authentication has not occurred. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

2
7
0 / 0

[JBoss JIRA] Created: (SECURITY-155) Support Microsoft PAC for role identification

by Darran Lofthouse (JIRA)

Support Microsoft PAC for role identification --------------------------------------------- Key: SECURITY-155 URL: http://jira.jboss.com/jira/browse/SECURITY-155 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assigned To: Darran Lofthouse Fix For: 2.0.2.GA http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/h... -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

1
7
0 / 0

[JBoss JIRA] Created: (SECURITY-147) Java 6 - Native SPNEGO Support

by Darran Lofthouse (JIRA)

Java 6 - Native SPNEGO Support ------------------------------ Key: SECURITY-147 URL: http://jira.jboss.com/jira/browse/SECURITY-147 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assigned To: Darran Lofthouse -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

1
7
0 / 0

[JBoss JIRA] Created: (SECURITY-146) Convert ReqFlas in NegTokenInit to meaningful values.

by Darran Lofthouse (JIRA)

Convert ReqFlas in NegTokenInit to meaningful values. ----------------------------------------------------- Key: SECURITY-146 URL: http://jira.jboss.com/jira/browse/SECURITY-146 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assigned To: Darran Lofthouse Also update BasicNegotiation servlet to display them. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

1
9
0 / 0

[JBoss JIRA] Created: (SECURITY-448) Fallback to BASIC authenticator if authentication fails

by Jacob Orshalick (JIRA)

Fallback to BASIC authenticator if authentication fails ------------------------------------------------------- Key: SECURITY-448 URL: https://jira.jboss.org/jira/browse/SECURITY-448 Project: JBoss Security and Identity Management Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Negotiation Reporter: Jacob Orshalick Assignee: Darran Lofthouse This issue is related to SECURITY-141, but is a request to allow fallback to BASIC authentication where SPNEGO is not supported. As a side effect this should also allow username/password authentication where SPNEGO did not take place. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

5
20
0 / 0

[JBoss JIRA] Created: (SECURITY-352) Cache Server Subject

by Darran Lofthouse (JIRA)

Cache Server Subject -------------------- Key: SECURITY-352 URL: https://jira.jboss.org/jira/browse/SECURITY-352 Project: JBoss Security and Identity Management Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: Negotiation_2.0.4.GA Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue) One request for each of the SPNEGO round trips and then one request for the LDAP search. Attempts to make use of a local ticket cache failed: -  As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO. <module-option name="storeKey">true</module-option> A mechanism to cache the server subject is needed. The expiration time of the ticket can be obtained to decide how long to cache the ticket for: - Set<Object> privateCredentials = serverSubject.getPrivateCredentials(); for (Object current : privateCredentials) { if (current instanceof KerberosTicket) { KerberosTicket ticket = (KerberosTicket) current; System.out.println(ticket.getEndTime()); } } -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

1
4
0 / 0

[JBoss JIRA] Created: (SECURITY-357) Add Active Directory Debugging to User Guide

by Darran Lofthouse (JIRA)

Add Active Directory Debugging to User Guide -------------------------------------------- Key: SECURITY-357 URL: https://jira.jboss.org/jira/browse/SECURITY-357 Project: JBoss Security and Identity Management Issue Type: Task Security Level: Public (Everyone can see) Components: Negotiation Affects Versions: Negotiation_2.0.3.GA Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: Negotiation_2.0.4.GA Reference the following article which describes how to add additional event logging: - http://support.microsoft.com/default.aspx?scid=kb;en-us;314980&sd=tech -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

1
5
0 / 0

[JBoss JIRA] Created: (SECURITY-573) Improve handling of IOException thrown from NegotiationAuthenticator

by Marek Posolda (JIRA)

Improve handling of IOException thrown from NegotiationAuthenticator -------------------------------------------------------------------- Key: SECURITY-573 URL: https://issues.jboss.org/browse/SECURITY-573 Project: PicketBox (JBoss Security and Identity Management) Issue Type: Bug Security Level: Public (Everyone can see) Components: Negotiation Affects Versions: Negotiation_2.0.3.GA Environment: JBoss EPP 5.1.GA with SPNEGO support, JBoss Negotiation 2.0.3, commons-http-client 3.1 used as HTTP client Reporter: Marek Posolda Assignee: Darran Lofthouse Fix For: Negotiation_2.0.4 Currently if IOException is thrown from NegotiationAuthenticator (For example from line 123 from statement: NegotiationMessage requestMessage = mf.createMessage(authTokenIS); ) then this exception is never logged but it's catched and ignored in CoyoteAdapter.service. Result is that client receives response code 200 OK and emtpy HTTP response. And there is nothing in server log, which can be used to recognize error. So I need to debug if I want to find the real cause of IO issue. Example for simulating of this issue can be using of Kerberos OID instead of SPNEGO OID as described in Jira SECURITY-572 -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

2
3
0 / 0

[JBoss JIRA] Created: (SECURITY-538) Document the AdvancedADLoginModule

by Darran Lofthouse (JIRA)

Document the AdvancedADLoginModule ---------------------------------- Key: SECURITY-538 URL: https://jira.jboss.org/browse/SECURITY-538 Project: PicketBox (JBoss Security and Identity Management) Issue Type: Task Security Level: Public (Everyone can see) Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: Negotiation_2.0.3.SP4 , Negotiation_2.0.4.GA The AdvancedADLoginModule was added to allow the users primary group to be identified, documentation needs to be added on the use of this login module. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

12 years

1
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2012