October 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-298) load-from/uri keystore xsd/parser mismatch

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-298?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-298: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > load-from/uri keystore xsd/parser mismatch > ------------------------------------------ > > Key: ELY-298 > URL: https://issues.jboss.org/browse/ELY-298 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Reporter: Kabir Khan > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta12 > > > The xsd has > {code} > <xsd:complexType name="key-store-type"> > <xsd:sequence minOccurs="1" maxOccurs="1"> >  > <xsd:choice minOccurs="1" maxOccurs="1"> > <xsd:element name="file" type="name-type" minOccurs="1" maxOccurs="1"/> > <xsd:element name="load-from" type="uri-type" minOccurs="1" maxOccurs="1"/> > <xsd:element name="resource" type="name-type" minOccurs="1" maxOccurs="1"/> > {code} > The parser seems to look for 'uri' rather than 'load-from' -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-444) AuthorizationIdentity and PermissionMapper

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-444?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-444: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > AuthorizationIdentity and PermissionMapper > ------------------------------------------ > > Key: ELY-444 > URL: https://issues.jboss.org/browse/ELY-444 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI, Realms > Reporter: David Lloyd > Fix For: 1.1.0.Beta12 > > > When we initially designed the PermissionMapper we went to certain lengths to avoid exposing details of the realm. But now as the API has evolved it is clear that the permission mapper will need access to more information. The AuthorizationIdentity (or perhaps another object which includes the AuthorizationIdentity) should be made available to the permission mapper. > In addition, this object could be expanded to include more information about the authentication, for example mechanism-specific information, which can feed into the authorization decision and could be useful for other things. Examples include: authentication timestamp, mechanism name/kind, forwarding credentials, and other attributes which derive from the mechanism as opposed to the identity. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-398) Authorization decisions for identity manipulation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-398?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-398: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Authorization decisions for identity manipulation > ------------------------------------------------- > > Key: ELY-398 > URL: https://issues.jboss.org/browse/ELY-398 > Project: WildFly Elytron > Issue Type: Task > Components: Realms > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta12 > > > We need to ensure we have appropriate permissions checks in place where one identity is manipulating another identity. > It is possible the subsystem will take a lot of the responsibility but lets start here with an issue. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-485) Add JavaDoc for the 'org.wildfly.security.auth.server' package and sub packages.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-485?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-485: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Add JavaDoc for the 'org.wildfly.security.auth.server' package and sub packages. > -------------------------------------------------------------------------------- > > Key: ELY-485 > URL: https://issues.jboss.org/browse/ELY-485 > Project: WildFly Elytron > Issue Type: Enhancement > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta12 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-212) Client-side SSL context configuration is subtly wrong

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-212?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-212: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Client-side SSL context configuration is subtly wrong > ----------------------------------------------------- > > Key: ELY-212 > URL: https://issues.jboss.org/browse/ELY-212 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta12 > > > SSL context client-side configuration is problematic in that the SSL context is not (and cannot be) cached. This means that we lose SSL session reuse and other benefits which may cause problems for users. > However we also cannot just cache an SSL context on a configuration either - the client credentials may vary on each request, causing leakage between identities. > What we need to do is have a separate SSL context client configuration mechanism, and use the generic client context configuration to reference this SSL context client configuration. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-606) Wrap the match elements with an outer match element.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-606?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-606: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Wrap the match elements with an outer match element. > ---------------------------------------------------- > > Key: ELY-606 > URL: https://issues.jboss.org/browse/ELY-606 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta12 > > > For each match type we support at most one definition of each - by adding a wrapper element we can use xsd:all to more accurately reflect this. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-583) Add ability for outbound clients to directly consume IdentityCredentials

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-583?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-583: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Add ability for outbound clients to directly consume IdentityCredentials > ------------------------------------------------------------------------ > > Key: ELY-583 > URL: https://issues.jboss.org/browse/ELY-583 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Client > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta12 > > > Outbound clients can gain substantial flexibility by being able to use {{IdentityCredentials}} directly. This allows a non-type-specific object like a {{byte[]}} to be interpreted as many different types of credentials. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-509) Multi Step HTTP Authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-509?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-509: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Multi Step HTTP Authentication > ------------------------------ > > Key: ELY-509 > URL: https://issues.jboss.org/browse/ELY-509 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Reporter: Darran Lofthouse > Assignee: Farah Juma > Fix For: 1.1.0.Beta12 > > > This is a variation of FORM authentication and closely related to ELY-508. > The scenario would be prompt for a username, then prompt for a password and if the password is valid and the account supports OTP prompt for the OTP. > The mechanism may also be responsible for sending the OTP but that is probably a side topic. > I have raised this in terms of being a HTTP mechanism but the main point we need to ensure is covered is the requirements about identifying what checks are required for a specific user and tracking they are all complete. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-595) Ability to provide CallbackHandler and SSLContext when AuthenticationConfiguration dynamically loaded.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-595?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-595: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Ability to provide CallbackHandler and SSLContext when AuthenticationConfiguration dynamically loaded. > ------------------------------------------------------------------------------------------------------ > > Key: ELY-595 > URL: https://issues.jboss.org/browse/ELY-595 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta12 > > -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

[JBoss JIRA] (ELY-559) Token-based authentication should forward authentication

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-559?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-559: --------------------------------- Fix Version/s: 1.1.0.Beta12 (was: 1.1.0.Beta11) > Token-based authentication should forward authentication > -------------------------------------------------------- > > Key: ELY-559 > URL: https://issues.jboss.org/browse/ELY-559 > Project: WildFly Elytron > Issue Type: Enhancement > Components: Authentication Mechanisms > Reporter: David Lloyd > Fix For: 1.1.0.Beta12 > > > Mechanisms that handle BearerTokenCredetials (ELY-557) should forward them as public or private credentials (ELY-473 / https://github.com/wildfly-security/wildfly-elytron/pull/434 ). -- This message was sent by Atlassian JIRA (v6.4.11#64026)

9 years, 6 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2016