[
https://issues.jboss.org/browse/ELY-1053?page=com.atlassian.jira.plugin.s...
]
Jan Kalina commented on ELY-1053:
---------------------------------
Digest MD5 by RFC2831 allows server to provide more realms, from which client have to
choose realm against which it wants to authenticate. In that case client need *realm*
attribute in configuration to determine which realm (from realms allowed by server) to
choose.
https://tools.ietf.org/html/rfc2831 ??required if the server provided any realms in the
"digest-challenge", in which case it may appear exactly once and its value
SHOULD be one of those realms.??
Review realm attribute in Elytron authentication-configuration
--------------------------------------------------------------
Key: ELY-1053
URL:
https://issues.jboss.org/browse/ELY-1053
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.1.0.Beta31-SP1
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
Is there any real scenario for usage of {{realm}} attribute in
authentication-configuration?
If server provides DIGEST-MD5 mechanism and client chooses it, then server provides name
of realm which should be used for creating {{user:realm:password}} digest. It was the
original reason which was provided to us. However it seems that reason for that attribute
is currently different. What is the reason for attribute {{realm}} in
authentication-configuration?
This information will be also needed for documentation.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)