[JBoss JIRA] (ELY-151) Ability to supply additional information during credential acquisition
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-151?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-151:
---------------------------------
Fix Version/s: 1.1.0.Beta3
(was: 1.1.0.Beta2)
> Ability to supply additional information during credential acquisition
> ----------------------------------------------------------------------
>
> Key: ELY-151
> URL: https://issues.jboss.org/browse/ELY-151
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI, Passwords
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: 1.1.0.Beta3
>
>
> I think this is the final known gap in our credential acquisition and validation API/SPI.
> There are a couple of specifications that also allow for additional information to be used when obtaining a representation of a user's credential, the most obvious being the session-based variant of digest authentication where a nonce and cnonce are also incorporated.
> A second variant with two different modes of operation would be the realm associated with the digest credential; currently we assume it is tightly associated with the storage representation of the credential, but it could also be the case that the mech is requesting it for a specific realm.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
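As an added illustration of the ELY-151 description above (not code from the issue or from Elytron): the sketch below follows the SASL DIGEST-MD5 A1 construction of RFC 2831 without an authzid, and shows that a realm-bound stored digest needs the per-exchange nonce and cnonce to yield the session credential. The class name, method names, user, realm names and nonce values are all constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added sketch of the RFC 2831 session A1 hash; hypothetical names, not Elytron code.
public class DigestSessionSketch {
    // Sample values are ASCII, so UTF-8 and ISO-8859-1 encode them identically.
    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    // Pre-digested form a credential store can hold instead of the clear password:
    // H(username ":" realm ":" password). The realm is baked into the stored value.
    static byte[] stored(String user, String realm, String password) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5").digest(bytes(user + ":" + realm + ":" + password));
    }

    // Session value = H( H(user:realm:pass) ":" nonce ":" cnonce ). It needs the stored
    // digest plus the two per-exchange values, but never the clear password.
    static byte[] sessionHA1(byte[] stored, String nonce, String cnonce) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(stored);
        md.update(bytes(":" + nonce + ":" + cnonce));
        return md.digest();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values.
        byte[] atRest = stored("alice", "ManagementRealm", "s3cret");
        byte[] s1 = sessionHA1(atRest, "nonce-1", "cnonce-A");
        byte[] s2 = sessionHA1(atRest, "nonce-2", "cnonce-B");
        System.out.println("sessions share a credential: " + MessageDigest.isEqual(s1, s2));

        // A mechanism asking for a different realm cannot reuse the stored digest.
        byte[] otherRealm = stored("alice", "ApplicationRealm", "s3cret");
        System.out.println("stored digest valid for other realm: " + MessageDigest.isEqual(atRest, otherRealm));
    }
}
```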
[JBoss JIRA] (ELY-212) Client-side SSL context configuration is subtly wrong
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-212?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-212:
---------------------------------
Fix Version/s: 1.1.0.Beta3
(was: 1.1.0.Beta2)
> Client-side SSL context configuration is subtly wrong
> -----------------------------------------------------
>
> Key: ELY-212
> URL: https://issues.jboss.org/browse/ELY-212
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Client
> Reporter: David Lloyd
> Assignee: David Lloyd
> Fix For: 1.1.0.Beta3
>
>
> SSL context client-side configuration is problematic in that the SSL context is not (and cannot be) cached. This means that we lose SSL session reuse and other benefits which may cause problems for users.
> However we also cannot just cache an SSL context on a configuration either - the client credentials may vary on each request, causing leakage between identities.
> What we need to do is have a separate SSL context client configuration mechanism, and use the generic client context configuration to reference this SSL context client configuration.
[JBoss JIRA] (ELY-221) Implement a better X.500 principal mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-221?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-221:
---------------------------------
Fix Version/s: 1.1.0.Beta3
(was: 1.1.0.Beta2)
> Implement a better X.500 principal mapper
> -----------------------------------------
>
> Key: ELY-221
> URL: https://issues.jboss.org/browse/ELY-221
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: API / SPI
> Reporter: David Lloyd
> Fix For: 1.1.0.Beta3
>
>
> We can provide something better than a flat string mapping. Some thoughts on requirements:
> * Require that a minimum set of keys are present, else return {{null}}
> * Allow piecewise assembly of principal names with the following components:
> ** Static string
> ** Single attribute value e.g. {{dc[0]}}
> ** Joined attribute value (with optional subrange) e.g. {{dc:"."}} would convert {{dc=example,dc=com}} to {{example.com}}
> ** Joined attribute value in reverse (with optional subrange)
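One way the requirements listed in ELY-221 could fit together, as an added sketch that is not code from the issue or from Elytron: it uses the JDK's `javax.naming.ldap.LdapName` to split the DN, and every class and method name in it is hypothetical. The optional subrange is left out, and a multi-valued RDN contributes only its first attribute.

```java
import java.util.*;
import java.util.function.Function;
import javax.naming.InvalidNameException;
import javax.naming.ldap.*;
// Added sketch; every class and method name here is hypothetical, not Elytron API.
public class X500MapperSketch {
    interface Part extends Function<Map<String, List<String>>, String> {}
    // Group attribute values by lower-cased type, in the DN's written (left-to-right) order.
    static Map<String, List<String>> attrs(String dn) throws InvalidNameException {
        List<Rdn> rdns = new ArrayList<>(new LdapName(dn).getRdns());
        Collections.reverse(rdns); // LdapName numbers RDNs from the right-most one
        Map<String, List<String>> m = new HashMap<>();
        for (Rdn r : rdns)
            m.computeIfAbsent(r.getType().toLowerCase(Locale.ROOT), k -> new ArrayList<>())
             .add(String.valueOf(r.getValue()));
        return m;
    }
    static Part literal(String s) { return a -> s; }                  // static string
    static Part single(String key, int i) {                           // like dc[0]
        return a -> a.containsKey(key) && i < a.get(key).size() ? a.get(key).get(i) : null;
    }
    static Part joined(String key, String sep, boolean reverse) {     // like dc:"."
        return a -> {
            if (!a.containsKey(key)) return null;
            List<String> v = new ArrayList<>(a.get(key));
            if (reverse) Collections.reverse(v);
            return String.join(sep, v);
        };
    }
    // Returns null when a required key is absent or any part cannot be resolved.
    static String map(String dn, Set<String> required, Part... parts) throws InvalidNameException {
        Map<String, List<String>> a = attrs(dn);
        if (!a.keySet().containsAll(required)) return null;
        StringBuilder sb = new StringBuilder();
        for (Part p : parts) {
            String s = p.apply(a);
            if (s == null) return null;
            sb.append(s);
        }
        return sb.toString();
    }
    public static void main(String[] args) throws InvalidNameException {
        String dn = "cn=bob,dc=example,dc=com"; // constructed sample DN
        System.out.println(map(dn, Set.of("cn", "dc"), single("cn", 0), literal("@"), joined("dc", ".", false)));
        System.out.println(map(dn, Set.of("cn", "dc"), joined("dc", ".", true), literal("/"), single("cn", 0)));
        System.out.println(map(dn, Set.of("uid"), single("uid", 0))); // required key missing
    }
}
```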
[JBoss JIRA] (ELY-257) Allow usage of properties to configure sasl server factories
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-257?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-257:
---------------------------------
Fix Version/s: 1.1.0.Beta3
(was: 1.1.0.Beta2)
> Allow usage of properties to configure sasl server factories
> ------------------------------------------------------------
>
> Key: ELY-257
> URL: https://issues.jboss.org/browse/ELY-257
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: SASL
> Reporter: Kabir Khan
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.0.Beta3
>
>
> There is some discussion on https://github.com/wildfly-security/wildfly-elytron/pull/264. In this case the issue is that we have a ChannelBindingSaslServerFactory (and same for client) which provides a callback handler to deal with the channel binding callbacks needed by Gs2SaslServerFactory and Gs2SaslClientFactory. This is fine for when people create their own SaslServerFactory, and use that to create a SaslServer.
> However, if they want to call Sasl.createServer()/.createClient() they need to provide their own callback handler to deal with the channel binding types.
> One option would be to allow the usage of properties for this configuration needed by the factories.
> However, having slept on it, the callback handler passed in to Sasl.createXXX() would need to handle all callbacks. Is there a way to get a 'real' callback handler for a user wishing to instantiate clients/servers this way? Or is the intent that they have to write their own CBH?
[JBoss JIRA] (ELY-261) Rework (and move) UsernamePasswordHashUtil
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-261?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-261:
---------------------------------
Fix Version/s: 1.1.0.Beta3
(was: 1.1.0.Beta2)
> Rework (and move) UsernamePasswordHashUtil
> ------------------------------------------
>
> Key: ELY-261
> URL: https://issues.jboss.org/browse/ELY-261
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: API / SPI, Passwords
> Reporter: Darran Lofthouse
> Fix For: 1.1.0.Beta3
>
>
> Firstly this class is not really SASL specific so should be in a general util package.
> Secondly we now have password specs and a PasswordFactory - if this class still has a future then maybe it should be using those instead of its own custom implementation.
[JBoss JIRA] (ELY-258) Inconsistent 'AuthenticationContext' naming.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-258?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse updated ELY-258:
---------------------------------
Priority: Critical (was: Major)
> Inconsistent 'AuthenticationContext' naming.
> --------------------------------------------
>
> Key: ELY-258
> URL: https://issues.jboss.org/browse/ELY-258
> Project: WildFly Elytron
> Issue Type: Task
> Components: API / SPI
> Reporter: Darran Lofthouse
> Priority: Critical
> Fix For: 1.1.0.Beta2
>
>
> Other classes in these packages should also be checked but essentially we have a client and server package, the context in client is AuthenticationContext, the one in server is ServerAuthenticationContext.
> If they are ever likely to be both used together then unique names would be advisable, otherwise they could both be 'AuthenticationContext'.
> Wait till all engineers are off PTO before working on this one.