[jboss-jira] [JBoss JIRA] Updated: (JBAS-2283) Look into custom header based authentication
Anil Saldhana (JIRA)
jira-events at jboss.com
Wed Aug 23 20:23:44 EDT 2006
[ http://jira.jboss.com/jira/browse/JBAS-2283?page=all ]
Anil Saldhana updated JBAS-2283:
--------------------------------
Fix Version/s: JBossAS-4.0.5.GA
JBossAS-5.0.0.CR1
(was: JBossAS-5.0.1.CR1)
I have a HeaderAuthenticator that has cleared SiteMinder and RSA Cleartrust. It will not take me time to make this into a generic header based authenticator.
> Look into custom header based authentication
> --------------------------------------------
>
> Key: JBAS-2283
> URL: http://jira.jboss.com/jira/browse/JBAS-2283
> Project: JBoss Application Server
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Web (Tomcat) service, Security
> Reporter: Scott M Stark
> Assigned To: Anil Saldhana
> Fix For: JBossAS-5.0.0.CR1, JBossAS-4.0.5.GA
>
> Attachments: B19006.pdf, B19008v2.pdf, B19013.pdf
>
>
> We have been getting requests for custom authentication methods based around prorpietary headers/logic. The following attachments describe the oracle COREid product.
> B19006.pdf - high level overview of how the product works
> B19008v2.pdf - details of authentication protocol (p. 85 - 92)
> B19013.pdf - documentation about API
> Likely the most important part is assuming a user is who the HTTP_OBLIX_UID header says they are. The COREid server and the firewall should protect the server from unauthorized access.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list