[JBoss JIRA] (ELY-281) Investigate if it's possible to modify the OTP SASL mechanism and password implementation to make use of the credential verification API
by Farah Juma (JIRA)
Farah Juma created ELY-281:
------------------------------
Summary: Investigate if it's possible to modify the OTP SASL mechanism and password implementation to make use of the credential verification API
Key: ELY-281
URL: https://issues.jboss.org/browse/ELY-281
Project: WildFly Elytron
Issue Type: Feature Request
Components: SASL
Reporter: Farah Juma
Assignee: Farah Juma
The main idea here is to be able to pass the guess that's being verified to the realm and have the realm handle updating the stored credential if verification succeeds.
Relevant chat discussion:
{quote}
\[8:42 AM\] Darran Lofthouse: @KabirKhan Ok, so you are trying to test OTP and require updates to be applied to the realm
\[8:43 AM\] Darran Lofthouse: One option is to update the ServerAuthenticationContext to make an update
\[8:43 AM\] Kabir Khan: That is what I had planned
\[8:43 AM\] Darran Lofthouse: I do also wonder if a second option may be to use the credential verification API we have instead so the credential being verified is passed into the realm and the realm can handle updates internally
\[8:44 AM\] Darran Lofthouse: although have not been in the credential in detail to see if this is possible
\[8:44 AM\] Kabir Khan: Possibly, I'd need to look at the code a bit better though
\[8:44 AM\] Kabir Khan: the first option is what stood out to me
\[8:45 AM\] Darran Lofthouse: the first option may match with how the credential and mech are currently implemented - but does risk us adding more and more behaviour to ServerAuthenticationContext
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
10 years, 10 months
[JBoss JIRA] (WFLY-5256) HTTPS undertow listener request client certificate despite verify-client=NOT_REQUESTED
by Manuel Colchete (JIRA)
[ https://issues.jboss.org/browse/WFLY-5256?page=com.atlassian.jira.plugin.... ]
Manuel Colchete updated WFLY-5256:
----------------------------------
Affects Version/s: 8.2.0.Final
(was: 8.0.0.CR1)
> HTTPS undertow listener request client certificate despite verify-client=NOT_REQUESTED
> --------------------------------------------------------------------------------------
>
> Key: WFLY-5256
> URL: https://issues.jboss.org/browse/WFLY-5256
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 8.2.0.Final
> Reporter: Manuel Colchete
> Assignee: Stuart Douglas
> Priority: Minor
> Fix For: 8.0.0.Final
>
>
> HTTPS undertow listener has 3 options for verify-client parameter: NOT_REQUESTED (Default), REQUESTED, REQUIRED. If it is set to NOT_REQUESTED (the default), it should not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication. But when I tried to access unsecured resource as first, it requested certificate. (It behaves same as verify-client is set to REQUESTED)
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
10 years, 10 months
[JBoss JIRA] (WFCORE-942) Parameter completion for :read-resource and :read-children-resources is broken
by Brian Stansberry (JIRA)
Brian Stansberry created WFCORE-942:
---------------------------------------
Summary: Parameter completion for :read-resource and :read-children-resources is broken
Key: WFCORE-942
URL: https://issues.jboss.org/browse/WFCORE-942
Project: WildFly Core
Issue Type: Bug
Components: CLI
Affects Versions: 2.0.0.Beta5
Reporter: Brian Stansberry
Assignee: Alexey Loubyansky
Priority: Critical
Fix For: 2.0.0.CR1
When I try to use tab completion to add parameters to "read-resource" and "read-children-resources" operations, it does not suggest any params but instead just closes the parameter list.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
10 years, 10 months
[JBoss JIRA] (WFLY-5256) HTTPS undertow listener request client certificate despite verify-client=NOT_REQUESTED
by Manuel Colchete (JIRA)
Manuel Colchete created WFLY-5256:
-------------------------------------
Summary: HTTPS undertow listener request client certificate despite verify-client=NOT_REQUESTED
Key: WFLY-5256
URL: https://issues.jboss.org/browse/WFLY-5256
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 8.0.0.CR1
Reporter: Manuel Colchete
Assignee: Stuart Douglas
Priority: Minor
Fix For: 8.0.0.Final
HTTPS undertow listener has 3 options for verify-client parameter: NOT_REQUESTED (Default), REQUESTED, REQUIRED. If it is set to NOT_REQUESTED (the default), it should not require a certificate chain unless the client requests a resource protected by a security constraint that uses CLIENT-CERT authentication. But when I tried to access unsecured resource as first, it requested certificate. (It behaves same as verify-client is set to REQUESTED)
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
10 years, 10 months