[ https://issues.jboss.org/browse/ELY-446?page=com.atlassian.jira.plugin.sy... ]
David Lloyd commented on ELY-446:
---------------------------------
Credential forwarding should cover the following scenarios:
* Propagating a clear password (like old JAAS/PicketBox propagation), either from the
stored identity or discovered during the mechanism execution (the latter will require a
separate enhancement to provide an API by which mechanisms may share this information)
* Propagating stored credentials for GSS mechanisms (e.g. Kerberos)
* Propagating stored credentials for other mechanisms (e.g. tokens of various kinds)
And the following requirements:
* Stored credential propagation has to be accessible from an AuthenticationConfiguration
to support outflow via PeerIdentity and other means
* Stored credentials must only be accessible to suitably privileged code
Additional fields on SecurityIdentity
-------------------------------------
Key: ELY-446
URL: https://issues.jboss.org/browse/ELY-446
Project: WildFly Elytron
Issue Type: Enhancement
Components: API / SPI
Reporter: David Lloyd
Assignee: David Lloyd
The following useful properties could be added to SecurityIdentity:
* Identity creation time (the time when the identity itself is created, whether by login
or by run-as)
* Authentication information, including:
** Login timestamp (the time of the original authentication)
** Login mechanism & kind (SASL/HTTP/TLS etc.)
** Login protocol (HTTP/Remoting/etc.) incl. enclosing TLS information if any
* Authentication identity information, including:
** Original authentication name
** Authentication forwarding credential(s)