[jboss-jira] [JBoss JIRA] Commented: (SECURITY-141) Fallback to different authenticator if authentication fails

Jacob Orshalick (JIRA) jira-events at lists.jboss.org
Tue Dec 15 15:03:38 EST 2009 

    [ https://jira.jboss.org/jira/browse/SECURITY-141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12500131#action_12500131 ] 

Jacob Orshalick commented on SECURITY-141:
------------------------------------------

Hi Darran,

Is this ticket also related to falling back to a lesser WWW-Authenticate mechanism?  (e.g. Digest or Basic).   I have implemented a solution that refactors the NegotiationAuthenticator allowing the user to configure Basic fallback if they choose.  In addition, the solution makes it pretty simple to incorporate Digest fallback as well.  Would there be interest in this patch?  If needed, I would be happy to create a separate ticket and provide the implementation.  Thanks!

> Fallback to different authenticator if authentication fails
> -----------------------------------------------------------
>
>                 Key: SECURITY-141
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-141
>             Project: JBoss Security and Identity Management
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: Negotiation_2.0.3.SP3
>
>
> Need to consider how this will work especially regarding security domains, possible to do something active directory - password-stacking and an LDAP login module that for negotiation does just role mapping and for non negotiation also does authentication.
> This issue is to allow fallback to FORM authentication where SPNEGO is not supported.
> As a side effect this should also allow username/password authentication where SPNEGO did not take place e.g. direct calls to EJBs from non web-tier.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list