August 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-251) More certain credential based mechanism selection.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-251?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-251: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > More certain credential based mechanism selection. > -------------------------------------------------- > > Key: ELY-251 > URL: https://issues.jboss.org/browse/ELY-251 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > > When filtering authentication mechanisms we need to really be able to offer two modes: - > 1 - Only offer a mech if we are sure it is supported. > Risks only offering a weaker mechanism in a mixed domain but also eliminates mechanisms that could fail for a valid user that just happens to have a different credential type. > 2- More general support. > i.e. offer the mechs that may be supported. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-243) Ensure reference to repository is removed from pom

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-243?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-243: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Ensure reference to repository is removed from pom > -------------------------------------------------- > > Key: ELY-243 > URL: https://issues.jboss.org/browse/ELY-243 > Project: WildFly Elytron > Issue Type: Task > Components: Build > Reporter: Darran Lofthouse > Priority: Blocker > Fix For: 1.2.0.Beta3 > > > We need to ensure the reference to the JBoss repo is removed from the pom and artefacts are available from Maven Central. > Also at this point probably good to put the steps in place for Elytron to also be available from Maven Central. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-214) Add support for OpenSSL-style key and certificate files

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-214?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-214: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Add support for OpenSSL-style key and certificate files > ------------------------------------------------------- > > Key: ELY-214 > URL: https://issues.jboss.org/browse/ELY-214 > Project: WildFly Elytron > Issue Type: Enhancement > Components: KeyStores > Reporter: David Lloyd > Assignee: Pedro Igor > Fix For: 1.2.0.Beta3 > > > Do the following: > * Research the various supported key and cert file formats supported by OpenSSL > * Determine what the JSSE equivalent is of each, if any > * Add {{KeyStore}} support for keys of any type or format which is not supported by JSSE -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-183) Protocols for password changing

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-183?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-183: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Protocols for password changing > ------------------------------- > > Key: ELY-183 > URL: https://issues.jboss.org/browse/ELY-183 > Project: WildFly Elytron > Issue Type: Enhancement > Components: API / SPI > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > > Potentially this is a bit of a research task, as I have mentioned in a couple of places I don't like relying on SSL exclusively for confidentiality - my reasons being it is perfect until their is a compromise and then it is as useful as a chocolate tea pot ;-) > A lot of the emphasis in the Elytron development so far has been implementation of the more secure SASL mechanisms to eliminate weak password exchanges between a client and the server - however we still have the need for password to be set remotely, this task is to explore some of those options. > Are there any existing protocols to remotely set a password securely? > Is there anything specific to our current password types we can take advantage of? > Are there features of any of our SASL mechanisms to apply a second layer of confidentiality? > Any other options? -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-170) Transition the still useful parts of JBoss Negotiation into Elytron

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-170?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-170: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Transition the still useful parts of JBoss Negotiation into Elytron > ------------------------------------------------------------------- > > Key: ELY-170 > URL: https://issues.jboss.org/browse/ELY-170 > Project: WildFly Elytron > Issue Type: Feature Request > Components: Utils > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > > Generally JBoss Negotiation should be obsolete, however some portions may be useful to be included in Elytron e.g. the SPNEGO parsing so that we can display some meaningful diagnostics. > By the time we reach the end of WildFly 10 nothing should require a direct dependency on JBoss Negotiation and really it should be removed from the application server distribution. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-447) SSLContext that can be registered as the default and differentiate between client and server.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-447?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-447: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > SSLContext that can be registered as the default and differentiate between client and server. > --------------------------------------------------------------------------------------------- > > Key: ELY-447 > URL: https://issues.jboss.org/browse/ELY-447 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SSL > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-436) Dynamic mechanism selection properties.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-436?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-436: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Dynamic mechanism selection properties. > --------------------------------------- > > Key: ELY-436 > URL: https://issues.jboss.org/browse/ELY-436 > Project: WildFly Elytron > Issue Type: Feature Request > Components: HTTP, SASL > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > > The title may be a bit too close to implementation than requirement! > However we may want to filter mechanisms based on other criteria e.g. if the transport is confidential. So depending on confidentiality we may want to be able to configure a policy that restricts when plain text mechanisms are used. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-432) Support setEnableSessionCreation on ServerSSLContextBuilder

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-432?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-432: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Support setEnableSessionCreation on ServerSSLContextBuilder > ----------------------------------------------------------- > > Key: ELY-432 > URL: https://issues.jboss.org/browse/ELY-432 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SSL > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > > It is already possible to configure this one for XNIO and Undertow so we should add this config option to our own builder. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-430) Add HostnameVerifier implementation

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-430?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-430: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Add HostnameVerifier implementation > ----------------------------------- > > Key: ELY-430 > URL: https://issues.jboss.org/browse/ELY-430 > Project: WildFly Elytron > Issue Type: Feature Request > Components: SSL > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > > We should at the very least have a sensible default implementation checking the certificate against the host name. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-422) Default SSLContext?

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-422?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse updated ELY-422: --------------------------------- Fix Version/s: 1.2.0.Beta3 (was: 1.2.0.Beta1) > Default SSLContext? > ------------------- > > Key: ELY-422 > URL: https://issues.jboss.org/browse/ELY-422 > Project: WildFly Elytron > Issue Type: Task > Components: SSL > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta3 > > > We know we want one, what we don't know is exactly that it means and is it an Elytron concern or subsystem concern. > One issue is within Elytron our SSLContext implementations are either server side specific or client side specific - we may even want to review if there is any way to review what it is being used for and act accordingly. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira August 2017