[
https://issues.jboss.org/browse/ELY-712?page=com.atlassian.jira.plugin.sy...
]
Jan Kalina moved JBEAP-6822 to ELY-712:
---------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-712 (was: JBEAP-6822)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Authentication Mechanisms
(was: Security)
Affects Version/s: (was: 7.1.0.DR7)
Elytron GSSCredential propagation
---------------------------------
Key: ELY-712
URL:
https://issues.jboss.org/browse/ELY-712
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Mechanisms
Reporter: Jan Kalina
Assignee: Jan Kalina
User can't achieve identity propagation scenario with elytron, so far:
# Client authenticate to web application using SPNEGO
# Web application calls another service (database, another web application, ... ) on
behalf of user.
# Web applications wants to use provided gss credential, but there is no way to get
associated credentials in elytron, so far
Basically use case tested in AS TS with legacy security [1]
Legacy approach using {{DelegationCredentialContext.getDelegCredential()}} return null in
elytron.
Actually there exists pull request the delegated credential will be associated with the
SecurityIdentity [2] . This JIRA is created mainly for tracking purpose to process it
properly once pending commit gets to EAP.
[1]
https://github.com/wildfly/wildfly/blob/15f9a4f2b5a10cc3acbaa2df57d5cc13d...
testIdentityPropagation
[2]
https://github.com/wildfly-security/wildfly-elytron/pull/434/commits/9b5a...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)