[
https://issues.jboss.org/browse/WFLY-460?page=com.atlassian.jira.plugin.s...
]
Darran Lofthouse resolved WFLY-460.
-----------------------------------
Fix Version/s: 10.1.0.Final
Resolution: Out of Date
Current authenticators and authentication mechanisms are deprecated - switching to WildFly
Elytron which will have it's own nonce handling strategy.
Switchable Nonce Handling Strategy for HTTP DigestAuthenticator
---------------------------------------------------------------
Key: WFLY-460
URL:
https://issues.jboss.org/browse/WFLY-460
Project: WildFly
Issue Type: Task
Components: Security
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Labels: Common_Authentication
Fix For: 10.1.0.Final
Allow the nonce strategy to be switchable: -
1 - Real 'Number Used Once' - i.e. new nonce for each request.
2 - Nonce per connection i.e. as long as a connection is kept alive allow re-use of nonce
- new nonce on new connection.
3 - Timed nonce - Generate a nonce with a server secret and timestamp, nonce will be
accepted for a validity period.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)