[
https://issues.jboss.org/browse/ELY-1208?page=com.atlassian.jira.plugin.s...
]
Ondrej Lukas updated ELY-1208:
------------------------------
Description:
When Elytron {{dir-context}} uses {{authentication-context}} and obtains some
authentication configuration from it, the dir context ignores the protocol, host and
port options obtained from the authentication configuration. The original {{dir-context.url}} is used
without any change.
It means an authentication client like the following cannot be used with dir context:
{code}
<authentication-client>
    <authentication-configuration name="unsecureConfig"
            authentication-name="uid=admin,ou=system">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-configuration name="secureConfig"
            authentication-name="uid=admin,ou=system" protocol="ldaps"
            port="10636">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-context name="authCtx">
        <match-rule match-purpose="secure"
                authentication-configuration="secureConfig"/>
        <match-rule authentication-configuration="unsecureConfig"/>
    </authentication-context>
</authentication-client>
...
<dir-contexts>
    <dir-context name="dir-context" url="ldap://127.0.0.1:10389"
            authentication-context="authCtx"/>
</dir-contexts>
{code}
was:
When Elytron {{dir-context}} uses {{authentication-context}} and obtains some
authentication configuration from it, the dir context ignores the protocol, host and
port options obtained from the authentication configuration. The original {{dir-context.url}} is used
without any change.
It means an authentication client like the following cannot be used with dir context:
{code}
<authentication-client>
    <authentication-configuration name="unsecureConfig"
            authentication-name="uid=admin,ou=system">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-configuration name="secureConfig"
            authentication-name="uid=admin,ou=system" protocol="ldaps"
            port="10636">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-context name="authCtx">
        <match-rule match-purpose="secure"
                authentication-configuration="secureConfig"/>
        <match-rule authentication-configuration="unsecureConfig"/>
    </authentication-context>
</authentication-client>
...
<dir-contexts>
    <dir-context name="dir-context" url="ldap://127.0.0.1:10389"
            authentication-context="authCtx"/>
</dir-contexts>
{code}
We request blocker since {{dir-context}} is not able to use features which are provided by
{{authentication-context}}, which means a lack of features for {{dir-context}} and can be
confusing for users.
Elytron dir-context ignores protocol, host and port options from Authentication Configuration
---------------------------------------------------------------------------------------------
Key: ELY-1208
URL: https://issues.jboss.org/browse/ELY-1208
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.1.0.Beta47
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Blocker