Re: [security-dev] Undertow IDM
One point - within Undertow access to the IDM should not necessarily be
considered an authentication attempt, i.e. in Digest the IDM may be
accessed even if the nonce is known to be out of date.
However we do have a notification framework within Undertow for
successful and failed authentication attempts - that would be a better
point to handle any locking.
Although at the same point would need be very careful how this is
handled before it becomes an easy denial of service route.
On 24/04/13 20:38, Pedro Igor Silva wrote:
I think PL IDM can supply most of the methods defined in the
IdentityManager interface.
Only not sure about the somethings related with password reset and account locking.
Althought the Credential API maintains the history of password updates and custom
attributes can also be used. Not sure, but maybe we should have that in PL IDM, built-in
support for password reset and account locking.
Regarding DIGEST authentication and the getPassword method, if using PL IDM this method
is not necessary because we always store the HA1 value (MD5(username:realm:password)). So
you only need to pass the provided password that it will be checked internally.
That is going to be a bigger discussion but not one for this thread, in
Undertow we need support for stronger hashes in addition to MD5 and also
need access to the pre-hashed value at the very least to complete the
Digest implementation.
Regards.
Pedro Igor
----- Original Message -----
From: "Anil Saldhana" <Anil.Saldhana(a)redhat.com>
To: security-dev(a)lists.jboss.org
Sent: Wednesday, April 24, 2013 3:54:48 PM
Subject: [security-dev] Undertow IDM
Hi all,
https://github.com/undertow-io/undertow/tree/master/core/src/main/java/io...
I am wondering how we can use PicketLink IDM in Undertow.
Regards,
Anil
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev