[
https://issues.jboss.org/browse/ELY-1312?page=com.atlassian.jira.plugin.s...
]
Darran Lofthouse commented on ELY-1312:
---------------------------------------
We could even take this slightly further and allow these options to apply to other
mechanisms - e.g. FORM authentication could use an alternative SCOPE, e.g. specify SSL
Scope, and without an SSLSession FORM authentication is not possible.
This could mean that if your connection is clear, mechanisms such as Digest or SCRAM are
possible, but until an SSLSession is established FORM authentication is not possible. It
could potentially become a simple form of SSO where a common SSLSession is used across
multiple applications.
Further Scoping and Caching Enhancements to the SpnegoAuthenticationMechanism
-----------------------------------------------------------------------------
Key: ELY-1312
URL: https://issues.jboss.org/browse/ELY-1312
Project: WildFly Elytron
Issue Type: Enhancement
Components: HTTP
Environment: #
Reporter: Darran Lofthouse
Fix For: 1.2.0.Beta1
Currently the SpnegoAuthenticationMechanism caches against the connection scope and uses
the cached GssContext to recreate the identity.
We should consider the following:
1. Using the same cached identity mechanism as is used by FORM authentication.
2. Adding configuration to specify which scope to cache against.
3. Adding an option to disable caching entirely; this would need to take into account cases
   where continuation is required, as that would become unsupported.