February 2016 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-151) Ability to supply additional information during credential acquisition

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-151?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-151: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Ability to supply additional information during credential acquisition > ---------------------------------------------------------------------- > > Key: ELY-151 > URL: https://issues.jboss.org/browse/ELY-151 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI, Passwords > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > I think this is the final known gap in our credential acquisition and validation API/SPI. > There are a couple of specifications that also allow for additional information to be used when obtaining a representation of a users credential, the most obvious being the session based variant of digest authentication where a nonce and cnonce are also incorporated. > A second variant with two different modes of operation would be the realm associated with the digest credential, currently we assume it is tightly associated with the storage representation of the credential but it could also be the case that the mech is requesting it for a specific realm. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-153) Support DigestCredential with a specified realm name

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-153?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-153: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Support DigestCredential with a specified realm name > ---------------------------------------------------- > > Key: ELY-153 > URL: https://issues.jboss.org/browse/ELY-153 > Project: WildFly Elytron > Issue Type: Sub-task > Components: Passwords > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > This would imply the password is retrievable and the realm associated by the authentication mechanism. > I see the following scenarios to be covered by this: - > - Realm that does not store pre-hashed and so is open to the mechanism providing the realm name. > - Realms where one or more realm names may be in use. > - One identity with multiple credentials each with a different realm. > - Different realms used for different identities but no more than one per identity. > If this is accomplished using a CallbackHandler then there are couple of Callback options: - > 1. getCredentialSupport on the realm, a RealmChoiceCallback can be used by a realm that advertises all the realm names it knows, where realm names are selected the response can take into account if all or some of the identities in that realm have a credential stored for that realm. > 2. getCredentialSupport on the realm can also support RealmCallback, in this case the mechanism specifies one realm name. > 3. These two can be repeated on the RealmIdentity, in that case however as a specific identity is being referenced the response can be much more specific. > 4. On getCredential the Callbacks can both be supported but in both cases can allow the selection of a single realm. > Another option could be an extension to RealmChoiceCallback that also indicates the level of support for each realm it contains. > Whilst exploring this, being able to identify the message digest algorithm support level should also be considered in parallel. > Also I see solving this as a simple pre-requisite for ELY-154 -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-154) Session based DigestCredential support

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-154?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-154: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Session based DigestCredential support > -------------------------------------- > > Key: ELY-154 > URL: https://issues.jboss.org/browse/ELY-154 > Project: WildFly Elytron > Issue Type: Sub-task > Components: Passwords > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > DigestCredential but where additional information is included such as nonce and cnonce to create a credential applicable to a session. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-221) Implement a better X.500 principal mapper

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-221?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-221: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Implement a better X.500 principal mapper > ----------------------------------------- > > Key: ELY-221 > URL: https://issues.jboss.org/browse/ELY-221 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI > Reporter: David Lloyd > Priority: Critical > Fix For: 1.1.0.Beta6 > > > We can provide something better than a flat string mapping. Some thoughts on requirements: > * Require that a minimum set of keys are present, else return {{null}} > * Allow piecewise assembly of principal names with the following components: > ** Static string > ** Single attribute value e.g. {{dc[0]}} > ** Joined attribute value (with optional subrange) e.g. {{dc:"."}} would convert {{dc=example,dc=com}} to {{example.com}} > ** Joined attribute value in reverse (with optional subrange) -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-257) Allow usage of properties to configure sasl server factories

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-257?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-257: --------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Allow usage of properties to configure sasl server factories > ------------------------------------------------------------ > > Key: ELY-257 > URL: https://issues.jboss.org/browse/ELY-257 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SASL > Reporter: Kabir Khan > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta6 > > > There is some discussion on https://github.com/wildfly-security/wildfly-elytron/pull/264. In this case the issue is that we have a ChannelBindingSaslServerFactory (and same for client) which provides a callback handler to deal with the channel binding callbacks needed by Gs2SaslServerFactory and Gs2SaslClientFactory. This is fine for when people create their own SaslServerFactory, and use that to create a SaslServer. > However, if they want to call Sasl.createServer()/.createClient() they need to provide their own callback handler to deal with the channel binding types. > One option would be to allow the usage of properties for this configuration needed by the factories. > However, having slept on it, the callback handler passed in to Sasl.createXXX() would need to handle all callbacks. Is there a way to get a 'real' callback handler for a user wishing to instantiate clients/servers this way? Or is the intent that they have to write their own CBH? -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-53) GSSAPI Make Delegated Credential Available

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-53?page=com.atlassian.jira.plugin.sys... ] Darran Lofthouse updated ELY-53: -------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > GSSAPI Make Delegated Credential Available > ------------------------------------------ > > Key: ELY-53 > URL: https://issues.jboss.org/browse/ELY-53 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > The server side of the mechanism can receive a delegated credential but there is no way to obtain it, we should provide a way for it to be obtained or provided. > _Note: This may be an Elytron integration point rather than something supported in the pure SASL mechanism._ -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-54) Support for stronger hashes as alternatives to MD5

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-54?page=com.atlassian.jira.plugin.sys... ] Darran Lofthouse updated ELY-54: -------------------------------- Fix Version/s: 1.1.0.Beta6 (was: 1.1.0.Beta5) > Support for stronger hashes as alternatives to MD5 > -------------------------------------------------- > > Key: ELY-54 > URL: https://issues.jboss.org/browse/ELY-54 > Project: WildFly Elytron > Issue Type: Feature Request > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta6 > > > Presently Digest authentication is based on MD5 - however we should either update the mechanism or add new mechanisms to support the use of stronger hashes. > As this library is used both client and server side installations that require the stronger hashes can just ensure the client and server have the latest version of this library - installations that still require interaction with MD5 will need to ensure that it is still available as a mechanism. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2019) Remove old plain style configuration

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-2019?page=com.atlassian.jira.plugin.... ] Bela Ban resolved JGRP-2019. ---------------------------- Resolution: Done > Remove old plain style configuration > ------------------------------------ > > Key: JGRP-2019 > URL: https://issues.jboss.org/browse/JGRP-2019 > Project: JGroups > Issue Type: Task > Reporter: Bela Ban > Assignee: Bela Ban > Priority: Minor > Fix For: 4.0 > > > E.g. {{UDP:FD:MERGE(timeout=3000)}} -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (DROOLS-1067) Oracle DB issue for findTasksByVariableAndValue

by Maciej Swiderski (JIRA)

[ https://issues.jboss.org/browse/DROOLS-1067?page=com.atlassian.jira.plugi... ] Maciej Swiderski commented on DROOLS-1067: ------------------------------------------ this is not really kie server issue but general jbpm issue and is caused by JBPM-4889 (https://github.com/droolsjbpm/jbpm/commit/c56837e9efee4d7f4c3b93188756163...) as it set default size of column to 5000 which makes it too big for regular varchar in Oracle and makes it a LONG/LOB that cannot be used in queries. I'll lower it down to 4000 which is max for varchar2 > Oracle DB issue for findTasksByVariableAndValue > ----------------------------------------------- > > Key: DROOLS-1067 > URL: https://issues.jboss.org/browse/DROOLS-1067 > Project: Drools > Issue Type: Bug > Components: kie server > Affects Versions: 6.4.0.Beta2 > Environment: Kie server 6.4.0-SNAPSHOT > Database - Oracle 11gR2 > Reporter: Karel Suta > Assignee: Maciej Swiderski > Labels: reported-by-qe > Attachments: stacktrace.txt > > > Tried to run Kie server integration tests against database Oracle 11gR2. Got an error listed as attachment in test UserTaskServiceIntegrationTest.testFindTasksByVariableAndValue() . > Error is thrown when test calls: taskClient.findTasksByVariableAndValue("yoda", "_string", "john is working on it", null, 0, 10) -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

[JBoss JIRA] (JGRP-2018) Remove Channel and merge into JChannel

by Bela Ban (JIRA)

[ https://issues.jboss.org/browse/JGRP-2018?page=com.atlassian.jira.plugin.... ] Bela Ban resolved JGRP-2018. ---------------------------- Resolution: Done > Remove Channel and merge into JChannel > -------------------------------------- > > Key: JGRP-2018 > URL: https://issues.jboss.org/browse/JGRP-2018 > Project: JGroups > Issue Type: Task > Reporter: Bela Ban > Assignee: Bela Ban > Priority: Minor > Fix For: 4.0 > > > Method such as {{Channel Channel.setName()}} and {{JChannel JChannel.setName()}} are 2 separate methods, which causes problems with exposing attrs/methods via JMX. > Also, {{Channel}} has never had other subclasses than {{JChannel}}, so it isn't needed. -- This message was sent by Atlassian JIRA (v6.4.11#64026)

10 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2016