August 2013 - security-dev - Jboss List Archives

by George Gastaldi

Hello, I have developed a simple application showing how to integrate PicketLink with Agorava. Check this out: https://github.com/gastaldi/agorava-picketlink Best Regards, -- George Gastaldi | Senior Software Engineer JBoss Forge Team Red Hat

10 years, 3 months

2
1
0 / 0

OAuth2 provider

by Bruno Oliveira

Good morning guys, Will PicketLink 2.5 final have OAuth2 provider implemented? I couldn't find any reference into the Javadocs or documentation, the source code leads me to social implementation. -- abstractj

10 years, 9 months

4
4
0 / 0

Propose to change package org.picketlink.idm.model.sample to org.picketlink.idm.model.basic

by Anil Saldhana

Hi All, my proposal is to change org.picketlink.idm.model.sample package to org.picketlink.idm.model.basic. This package hosts classes that act as the basic model that 90%+ apps will use. This will mean changes to some of class names such as SampleModel to BasicModel https://github.com/picketlink/picketlink/tree/master/modules/idm/api/src/... Quickstarts and documentation will need to be updated. The word "sample" is going to create confusion among users. Had IRC chat with Pedro and Bruno on this issue. They think it is suitable to do it. I know this is a post CR1 change. Hence it is best to get your opinion on this proposal. Regards, Anil

10 years, 10 months

6
6
0 / 0

Picketlink + Agorava integration

by George Gastaldi

Hello, I have developed a simple application showing how to integrate PicketLink with Agorava. Check this out: https://github.com/gastaldi/agorava-picketlink Best Regards, -- George Gastaldi | Senior Software Engineer JBoss Forge Team Red Hat

10 years, 10 months

2
2
0 / 0

PicketLink 2.5.0.CR2 Released

by Pedro Igor Silva

Hi All, Today we released PicketLink 2.5.0.CR2. Documentation can be obtained from: http://docs.jboss.org/picketlink/2/latest Issues for this version: https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310923&versi... This version is already updated with https://issues.jboss.org/browse/PLINK-242 Regards. Pedro Igor

10 years, 10 months

1
0
0 / 0

PicketLink 2.5.0.CR1 Released

by Pedro Igor Silva

Hi All, Today we released PicketLink 2.5.0.CR1. Documentation can be obtained from: http://docs.jboss.org/picketlink/2/latest Issues for this version: hhttps://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310923&vers... Regards. Pedro Igor

10 years, 10 months

2
1
0 / 0

managing OTP

by Bill Burke

There's a few issues with managing credentials. The first is, there is no way to remove a credential. This is essential to TOTP as you may end up with a lost or obsolete device. https://issues.jboss.org/browse/PLINK-236 THe 2nd is that for TOTP, you will want to check every device on a credential validation rather than just one: https://issues.jboss.org/browse/PLINK-237 Our own VPN allows me to set up multiple tokens. I have one on my iphone and ipad just in case I lose one or the other. OUr VPN allows me to use either to login in. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 10 months

5
10
0 / 0

updateCredential will leak

by Bill Burke

updateCredential doesn't update the old one, it creates a new one. The only reason this works is because the password handler query for the most current credential. (Same as TOTP). This will be a storage leak over time as passwords are reset and tokens added/created. https://issues.jboss.org/browse/PLINK-238 -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 10 months

1
0
0 / 0

PicketLink v2.5.0.Final pretty soon

by Anil Saldhana

Hi all, after some consultation with the PicketLink ninjas, we have decided to do a final beta release this week before the first CR. If Beta7 is clear (Bruno can confirm with his Aerogear requirement), we will do a CR (probably over the weekend/monday). Based on documentation, qe and quickstarts reviews, we will decide on the final release of v2.5.0. It has been a fantastic journey for the PicketLink team with excellent support/feedback from the other teams (RESTEasy, DevExp, JDF, Aerogear, GateIn, Overlord, Forge,Wildfly,<other teams I missed>) Regards, Anil

10 years, 10 months

3
4
0 / 0

JPA is a can of worms for Wildfly startup

by Anil Saldhana

Hi All, http://lists.jboss.org/pipermail/wildfly-dev/2013-August/000574.html (thanks to Jason, Bill and Scott Marlow for the discussion) Jason has provided some objections to the JPA usage in PicketLink that can affect Wildfly boot time performance. He had raised this concern last time for the JPAIdentityStore implementation in PicketLink v2.5 which we have been trying to mitigate via the implementation of a JDBC driven Identity Store. The discussion happening in the thread above however is for the JPABasedTokenRegistry and JPABasedRevocationRegistry part of v2.1.x which predates PicketLink v2.5 https://github.com/picketlink2/federation/blob/master/picketlink-core/src... https://github.com/picketlink2/federation/blob/master/picketlink-core/src... I think we should also implement a straight JDBC based token registry and revocation registry to avoid the Wildfly boot drag. Regards, Anil

10 years, 10 months

2
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

security-dev August 2013