Yeray Borges reassigned ELY-1274:
---------------------------------
Assignee: Yeray Borges (was: Darran Lofthouse)
X509EvidenceVerifier.SubjectDnCertificateVerifier denies correct Subject DN due to incorrectly used equals
----------------------------------------------------------------------------------------------------------
Key: ELY-1274
URL: https://issues.jboss.org/browse/ELY-1274
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.1.0.Beta52
Reporter: Ondrej Lukas
Assignee: Yeray Borges
Priority: Critical
X509EvidenceVerifier.SubjectDnCertificateVerifier verifies the Subject DN based on the
String.equals method [1]. This means that a valid Subject DN can be incorrectly denied because
it includes (or does not include) a space before a comma, etc.
Example:
When the passed certificate includes the DN {{CN=user,OU=EAP QE,...}} and the LDAP entry includes
an entry with the attribute value {{CN=user, OU=EAP QE, ...}}, then it is not successfully
verified.
[1] https://github.com/wildfly-security/wildfly-elytron/blob/889b2a5d3ed4fbcc...
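
Added example, not part of the original issue and not Elytron's code or its fix: the string comparison described above next to a comparison of parsed names using the JDK's javax.security.auth.x500.X500Principal. The class and method names and the O=Example component (standing in for the part of the DN the report elides) are assumptions made for illustration.

```java
import javax.security.auth.x500.X500Principal;

public class SubjectDnCompare {

    // Comparison described in the report: raw string equality, so any
    // difference in formatting (such as a space after a comma) is a mismatch.
    static boolean rawEquals(String certDn, String directoryDn) {
        return certDn.equals(directoryDn);
    }

    // Compares the parsed names instead. X500Principal.equals compares the
    // canonical forms, which ignore spacing around separators and letter case.
    // A value that does not parse as a DN is treated as a mismatch (fail closed).
    static boolean dnEquals(String certDn, String directoryDn) {
        try {
            return new X500Principal(certDn).equals(new X500Principal(directoryDn));
        } catch (IllegalArgumentException | NullPointerException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values based on the DNs quoted in the report.
        String fromCert = "CN=user,OU=EAP QE,O=Example";
        String fromLdap = "CN=user, OU=EAP QE, O=Example";
        String otherUser = "CN=admin, OU=EAP QE, O=Example";
        String malformed = "not a distinguished name";

        System.out.println("raw, same DN, different spacing:    " + rawEquals(fromCert, fromLdap));
        System.out.println("parsed, same DN, different spacing: " + dnEquals(fromCert, fromLdap));
        System.out.println("parsed, different CN:               " + dnEquals(fromCert, otherUser));
        System.out.println("parsed, malformed directory value:  " + dnEquals(fromCert, malformed));
    }
}
```

When the certificate object is available, X509Certificate.getSubjectX500Principal() returns the parsed subject directly, so only the directory value needs to be parsed from a string.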