[
https://issues.jboss.org/browse/AS7-4646?page=com.atlassian.jira.plugin.s...
]
Jess Sightler edited comment on AS7-4646 at 4/26/12 2:58 PM:
-------------------------------------------------------------
DoD Security Requirements:
http://iase.disa.mil/stigs/a-z.html
http://iase.disa.mil/stigs/downloads/zip/app_services_checklist_v1r1-1-20...
See Sec3A, Requirement APS0140:
"Only DIGEST, FORM, and CLIENT-CERT types can be used when setup and configured
properly:"
I don't really know why "DIGEST" is listed as acceptable (as a practical
matter it isn't, due to other security restrictions).
Technically, it doesn't have to be FORM based, as a JavaScript transmission would also
pass. Just HTTP BASIC will be a significant hindrance to AS/EAP deployment within
government installations, though.
was (Author: jsightler):
DoD Security Requirements:
http://iase.disa.mil/stigs/a-z.html
http://iase.disa.mil/stigs/downloads/zip/app_services_checklist_v1r1-1-20...
See Sec3A, Requirement APS0140:
"Only DIGEST, FORM, and CLIENT-CERT types can be used when setup and configured
properly:"
I don't really know why "DIGEST" is listed as acceptable (as a practical
matter it isn't, due to other security restrictions).
Technically, it doesn't have to be FORM based, but this will be a significant blocker
to AS/EAP deployment within government installations otherwise.
Management Console needs to support FORM authentication
-------------------------------------------------------
Key: AS7-4646
URL: https://issues.jboss.org/browse/AS7-4646
Project: Application Server 7
Issue Type: Feature Request
Components: Console
Reporter: Jess Sightler
Assignee: Jason Greene
Labels: security
Many clients have security requirements that disallow HTTP Basic authentication. HTTP
Digest is also disallowed due to the requirement to store plaintext passwords on the
server. HTTP Form based authentication would provide a much smoother experience for users
and comply with client requirements.