[JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule

Wednesday, 9 November 2016

    [
https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin...
] 

Ramesh Reddy commented on TEIID-4561:
-------------------------------------

In DelegationCredentialContext the subject already contains the GssCredential on the
subject, in this case we need to inject the credential into Subject. OAuthCredential is
Teiid's own, there are no standards on delegation scenarios that I know of. BTW the
token is not available after web tier, it is OAuth2 access token. That is why I grabbed
that in the web filter and passed it on. I made it such that if the OAuthCredential from
web tier can be used to authenticate at data source layer this strategy will work.

...
 Deprecate the PassthroughIdentityLoginModule
 --------------------------------------------

                 Key: TEIID-4561
                 URL: https://issues.jboss.org/browse/TEIID-4561
             Project: Teiid
          Issue Type: Quality Risk
          Components: Server
            Reporter: Steven Hawkins
            Assignee: Steven Hawkins
             Fix For: 9.2

 The delegation capability of the PassthroughIdentityLoginModule can be associated with
the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of
the KerberosLoginModule).  Also the OAuthCredentialContext should be changed to use the
Subject private credentials rather than a ThreadLocal. 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009