April 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-822) Move MechanismConfiguration from SecurityFactory<Credential> to CredentialSource

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-822?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-822: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > Move MechanismConfiguration from SecurityFactory<Credential> to CredentialSource > -------------------------------------------------------------------------------- > > Key: ELY-822 > URL: https://issues.jboss.org/browse/ELY-822 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta39 > > > This will make it consistent with client side configuration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-810) Unify CredentialStore around CredentialSource style storage capability

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-810?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-810: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > Unify CredentialStore around CredentialSource style storage capability > ---------------------------------------------------------------------- > > Key: ELY-810 > URL: https://issues.jboss.org/browse/ELY-810 > Project: WildFly Elytron > Issue Type: Task > Components: Credential Store > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta39 > > > The following needs to be done: > * Move the PB masked password format to a proper password type > * Introduce protection parameters for credential stores and entries > * Drop the admin_key concept in favor of credential store protection parameters > * Introduce a proper vault-compatible credential store > * Introduce a mechanism to pull protection parameters for stores from the client configuration > * Use a credential store which can store (nearly) any credential type > * Update XML accordingly > * Remove dangerous command execution patterns from credential store, make them safe and make them CredentialSources instead > * Clean up exception hierarchy of credential stores > * Introduce simple map-backed credential store > Additionally, the above implies: > * Introduce AlgorithmParameterSpi for password parameter types > * Introduce hashing ability for parameters > * Add missing parameter types for PBE > * Introduce serialization trickery to support picketbox class names for vault files > * Atomic file output stream > * Update tests as needed -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-770) Review SASL mechanism handling of isComplete()

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-770?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-770: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > Review SASL mechanism handling of isComplete() > ---------------------------------------------- > > Key: ELY-770 > URL: https://issues.jboss.org/browse/ELY-770 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta39 > > > The javadoc of the isComplete() method states: - > _Determines whether the authentication exchange has completed. This method is typically called after each invocation of evaluateResponse() to determine whether the authentication has completed successfully or should be continued._ > Also getAuthorizationID() states: - > _Reports the authorization ID in effect for the client of this session. This method can only be called if isComplete() returns true. > _ > Although the former is very vague there just seem to be a suggestion that complete means successfully complete, our mechs are setting complete very early and other wrappers such as AuthenticationCompleteCallbackSaslServerFactory are using complete as a flag to report failures. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-773) Where AuthenticationConfiguration has calls to PasswordFactory.getInstance(alg) pass in Supplier<Provider[]>

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-773?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-773: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > Where AuthenticationConfiguration has calls to PasswordFactory.getInstance(alg) pass in Supplier<Provider[]> > ------------------------------------------------------------------------------------------------------------ > > Key: ELY-773 > URL: https://issues.jboss.org/browse/ELY-773 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: David Lloyd > Priority: Critical > Fix For: 1.1.0.Beta39 > > > This may be obsoleted by ongoing work but just wanted an issue to track where AuthenticationConfiguration and related classes currently uses PaswordFactory.getInstance without passing in a Supplier for Provider[]. > * SetCredentialsConfiguration > * SetKeyStoreCredentialAuthenticationConfiguration > * ElytronAuthenticator > * ElytronXmlParser. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-774) KeystorePasswordStore needs to be optionally passed a Supplier<Provider[]>

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-774?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-774: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > KeystorePasswordStore needs to be optionally passed a Supplier<Provider[]> > -------------------------------------------------------------------------- > > Key: ELY-774 > URL: https://issues.jboss.org/browse/ELY-774 > Project: WildFly Elytron > Issue Type: Task > Components: Credential Store > Reporter: Darran Lofthouse > Assignee: Peter Skopek > Fix For: 1.1.0.Beta39 > > > The current implementation assumes it is globally registered but we may want a configuration without global registration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-766) It should be possible for domains to be configured with a list of other domains to proactively outflow to.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-766?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-766: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > It should be possible for domains to be configured with a list of other domains to proactively outflow to. > ---------------------------------------------------------------------------------------------------------- > > Key: ELY-766 > URL: https://issues.jboss.org/browse/ELY-766 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI > Reporter: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta39 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-939) We need to be able to support standard KeyManager instances

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-939?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-939: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > We need to be able to support standard KeyManager instances > ----------------------------------------------------------- > > Key: ELY-939 > URL: https://issues.jboss.org/browse/ELY-939 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta39 > > > When using PKCS#11 we should not assume we can manipulate the private keys etc.. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-938) KeyStore in authentication client should not mandate an input source

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-938?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-938: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > KeyStore in authentication client should not mandate an input source > -------------------------------------------------------------------- > > Key: ELY-938 > URL: https://issues.jboss.org/browse/ELY-938 > Project: WildFly Elytron > Issue Type: Bug > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta39 > > > Some keystores such as PKCS#11 are initialised without an InputStream. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-937) SSLContext in authentication client has no trust configuration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-937?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-937: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > SSLContext in authentication client has no trust configuration > -------------------------------------------------------------- > > Key: ELY-937 > URL: https://issues.jboss.org/browse/ELY-937 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta39 > > > Currently it requires on the system default so it is not possible to configure trusted certificate authorities. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-936) Complete equivalent of CLIENT_CERT authentication for SASL

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-936?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-936: --------------------------------- Fix Version/s: 1.1.0.Beta39 (was: 1.1.0.Beta38) > Complete equivalent of CLIENT_CERT authentication for SASL > ---------------------------------------------------------- > > Key: ELY-936 > URL: https://issues.jboss.org/browse/ELY-936 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 1.1.0.Beta39 > > > This will likely extend outside of Elytron but track it here first. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2017