Re: [security-dev] Undertow IDM

On 25/04/13 05:38, Pedro Igor Silva wrote: > I think PL IDM can supply most of the methods defined in the IdentityManager interface. > > Only not sure about the somethings related with password reset and account locking. Althought the Credential API maintains the history of password updates and custom attributes can also be used. Not sure, but maybe we should have that in PL IDM, built-in support for password reset and account locking. We already provide support for account locking: user.setEnabled(false); As for password reset, I really think that it's an application-specific function. It's really only a couple of lines of PLIDM code, the bulk of the work is building the user interface and action bean.

> Regarding DIGEST authentication and the getPassword method, if using PL IDM this method is not necessary because we always store the HA1 value (MD5(username:realm:password)). So you only need to pass the provided password that it will be checked internally. > > Regards. > Pedro Igor > > ----- Original Message ----- > From: "Anil Saldhana" <Anil.Saldhana(a)redhat.com&gt; > To: security-dev(a)lists.jboss.org > Sent: Wednesday, April 24, 2013 3:54:48 PM > Subject: [security-dev] Undertow IDM > > Hi all, > https://github.com/undertow-io/undertow/tree/master/core/src/main/java/io... > > I am wondering how we can use PicketLink IDM in Undertow. > > Regards, > Anil