[JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule

Friday, 11 November 2016

    [
https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin...
] 

Steven Hawkins commented on TEIID-4561:
---------------------------------------

...
 There is no KeycloakLoginModule used, if one exists I am not sure
what it does (yet). Also, so far we have only used Keycloak for OAuth2, SAML purposes
only, not general authentication framework, that role is still done by jboss pickletlink.

It's referenced in both
https://teiid.gitbooks.io/documents/content/security/OAuth2_Based_Securit...
and
https://teiid.gitbooks.io/documents/content/security/SAML_Based_Security_...

...
 no, I am saying a new Subject is created here, not passed from
another layer, and access token is added as a private credential 
A Subject is passed into initialize and should be the one that is the current Subject for
the Teiid thread accessing the data source correct?  

Also it does appear that the OAuth20LoginModule is using the same logic as the
PassthroughLoginModule to later obtain the callerSubject in the login method.

...
 Deprecate the PassthroughIdentityLoginModule
 --------------------------------------------

                 Key: TEIID-4561
                 URL: https://issues.jboss.org/browse/TEIID-4561
             Project: Teiid
          Issue Type: Quality Risk
          Components: Server
            Reporter: Steven Hawkins
            Assignee: Steven Hawkins
             Fix For: 9.2

 The delegation capability of the PassthroughIdentityLoginModule can be associated with
the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of
the KerberosLoginModule).  Also the OAuthCredentialContext should be changed to use the
Subject private credentials rather than a ThreadLocal. 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009