April 2014 - jboss-jira - Jboss List Archives

[JBoss JIRA] (SECURITY-130) Non web invocations to server

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-130?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-130: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Non web invocations to server > ----------------------------- > > Key: SECURITY-130 > URL: https://issues.jboss.org/browse/SECURITY-130 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > Kerberos based SSO can also be made possible for calls over other invokers and can also be used for message integrity and confidentiality. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-140) JBossWS EJB Endpoints Defined With Custom Authenticators

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-140?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-140: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > JBossWS EJB Endpoints Defined With Custom Authenticators > -------------------------------------------------------- > > Key: SECURITY-140 > URL: https://issues.jboss.org/browse/SECURITY-140 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-139) JBossWS Client SPNEGO Authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-139?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-139: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > JBossWS Client SPNEGO Authentication > ------------------------------------ > > Key: SECURITY-139 > URL: https://issues.jboss.org/browse/SECURITY-139 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-137) Authentication Cache aware of ticket expiration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-137?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-137: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Authentication Cache aware of ticket expiration > ----------------------------------------------- > > Key: SECURITY-137 > URL: https://issues.jboss.org/browse/SECURITY-137 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-147) Java 6 - Native SPNEGO Support

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-147?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-147: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Java 6 - Native SPNEGO Support > ------------------------------ > > Key: SECURITY-147 > URL: https://issues.jboss.org/browse/SECURITY-147 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-146) Convert ReqFlags in NegTokenInit to meaningful values.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-146?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-146: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Convert ReqFlags in NegTokenInit to meaningful values. > ------------------------------------------------------ > > Key: SECURITY-146 > URL: https://issues.jboss.org/browse/SECURITY-146 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Priority: Optional > Fix For: Negotiation_2_1_7 > > > Also update BasicNegotiation servlet to display them. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-255) IdentityLoginModule Incomplete password-stacking useFirstPass implementation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-255?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-255: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > IdentityLoginModule Incomplete password-stacking useFirstPass implementation > ---------------------------------------------------------------------------- > > Key: SECURITY-255 > URL: https://issues.jboss.org/browse/SECURITY-255 > Project: PicketBox > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: Negotiation > Affects Versions: 2.0.2.CR6 > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > The IdentityLoginModule has got an incomplete useFirstPass implementation. > The login() method does start with: - > if( super.login() == true ) > return true; > To skip login if useFirstPass is set and authentication has already occurred. > However at the end of login() setting the principal in the shared state map should only happen if useFirstPass was set. > Also for this to work a credential also needs to be stored in the sharedStateMap otherwise other modules will assume authentication has not occurred. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-155) Support Microsoft PAC for role identification

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-155?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-155: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Support Microsoft PAC for role identification > --------------------------------------------- > > Key: SECURITY-155 > URL: https://issues.jboss.org/browse/SECURITY-155 > Project: PicketBox > Issue Type: Task > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnkerb/h... -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-352) Cache Server Subject

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-352?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-352: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > Cache Server Subject > -------------------- > > Key: SECURITY-352 > URL: https://issues.jboss.org/browse/SECURITY-352 > Project: PicketBox > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > > Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue) > One request for each of the SPNEGO round trips and then one request for the LDAP search. > Attempts to make use of a local ticket cache failed: - >  > As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO. > <module-option name="storeKey">true</module-option> > A mechanism to cache the server subject is needed. > The expiration time of the ticket can be obtained to decide how long to cache the ticket for: - > Set<Object> privateCredentials = serverSubject.getPrivateCredentials(); > for (Object current : privateCredentials) > { > if (current instanceof KerberosTicket) > { > KerberosTicket ticket = (KerberosTicket) current; > System.out.println(ticket.getEndTime()); > } > } -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

[JBoss JIRA] (SECURITY-270) NTLM Authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/SECURITY-270?page=com.atlassian.jira.plug... ] Darran Lofthouse updated SECURITY-270: -------------------------------------- Fix Version/s: Negotiation_2_1_7 (was: Negotiation_2_1_6) > NTLM Authentication > ------------------- > > Key: SECURITY-270 > URL: https://issues.jboss.org/browse/SECURITY-270 > Project: PicketBox > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: Negotiation > Reporter: Darran Lofthouse > Fix For: Negotiation_2_1_7 > > -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira

10 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2014