[JBoss JIRA] (ELYWEB-99) HTTP External Security Not Supported by Elytron
by Farah Juma (Jira)
[ https://issues.redhat.com/browse/ELYWEB-99?page=com.atlassian.jira.plugin... ]
Farah Juma updated ELYWEB-99:
-----------------------------
Summary: HTTP External Security Not Supported by Elytron (was: [GSS][7.2.2] HTTP External Security Not Supported by Elytron)
> HTTP External Security Not Supported by Elytron
> -----------------------------------------------
>
> Key: ELYWEB-99
> URL: https://issues.redhat.com/browse/ELYWEB-99
> Project: Elytron Web
> Issue Type: Feature Request
> Reporter: Ashley Abdel-Sayed
> Assignee: Ashley Abdel-Sayed
> Priority: Major
> Fix For: 1.8.0.Final
>
>
> For legacy security, there's an EXTERNAL HTTP authentication mechanism (io.undertow.security.impl.ExternalAuthenticationMechanism) which performs no verification and simply uses the principal that was passed from the REMOTE_USER attribute by the AJP protocol. There is a "ClientLoginModule" in legacy security used as such: https://access.redhat.com/solutions/3465231. It is a requirement to add an equivalent of this EXTERNAL mechanism available in legacy and Elytron-SASL for Elytron-HTTP in order to migrate away from legacy security.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 10 months
[JBoss JIRA] (ELY-1921) HTTP External Security Not Supported by Elytron
by Farah Juma (Jira)
[ https://issues.redhat.com/browse/ELY-1921?page=com.atlassian.jira.plugin.... ]
Farah Juma updated ELY-1921:
----------------------------
Summary: HTTP External Security Not Supported by Elytron (was: [GSS][7.2.2] HTTP External Security Not Supported by Elytron)
> HTTP External Security Not Supported by Elytron
> -----------------------------------------------
>
> Key: ELY-1921
> URL: https://issues.redhat.com/browse/ELY-1921
> Project: WildFly Elytron
> Issue Type: Feature Request
> Affects Versions: 1.11.0.Final
> Reporter: Ashley Abdel-Sayed
> Assignee: Ashley Abdel-Sayed
> Priority: Major
> Fix For: 1.13.0.Final
>
>
> For legacy security, there's an EXTERNAL HTTP authentication mechanism (io.undertow.security.impl.ExternalAuthenticationMechanism) which performs no verification and simply uses the principal that was passed from the REMOTE_USER attribute by the AJP protocol. There is a "ClientLoginModule" in legacy security used as such: https://access.redhat.com/solutions/3465231. It is a requirement to add an equivalent of this EXTERNAL mechanism available in legacy and Elytron-SASL for Elytron-HTTP in order to migrate away from legacy security.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 10 months
[JBoss JIRA] (ELY-1921) [GSS][7.2.2] HTTP External Security Not Supported by Elytron
by Farah Juma (Jira)
[ https://issues.redhat.com/browse/ELY-1921?page=com.atlassian.jira.plugin.... ]
Farah Juma updated ELY-1921:
----------------------------
Fix Version/s: 1.13.0.Final
> [GSS][7.2.2] HTTP External Security Not Supported by Elytron
> ------------------------------------------------------------
>
> Key: ELY-1921
> URL: https://issues.redhat.com/browse/ELY-1921
> Project: WildFly Elytron
> Issue Type: Feature Request
> Affects Versions: 1.11.0.Final
> Reporter: Ashley Abdel-Sayed
> Assignee: Ashley Abdel-Sayed
> Priority: Major
> Fix For: 1.13.0.Final
>
>
> For legacy security, there's an EXTERNAL HTTP authentication mechanism (io.undertow.security.impl.ExternalAuthenticationMechanism) which performs no verification and simply uses the principal that was passed from the REMOTE_USER attribute by the AJP protocol. There is a "ClientLoginModule" in legacy security used as such: https://access.redhat.com/solutions/3465231. It is a requirement to add an equivalent of this EXTERNAL mechanism available in legacy and Elytron-SASL for Elytron-HTTP in order to migrate away from legacy security.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
5 years, 10 months