[jboss-jira] [JBoss JIRA] (SECURITY-671) Negotiation/SPNEGO: Fallback to authenticate Form/Basic with ActiveDirectory
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Mon Jul 23 10:41:50 EDT 2012
[ https://issues.jboss.org/browse/SECURITY-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12707313#comment-12707313 ]
Darran Lofthouse commented on SECURITY-671:
-------------------------------------------
In that case, why don't you post the code here to be reviewed further? Longer term, for AS 7 the plan is to move on from the current approach of JBoss Negotiation to an approach that is less dependent on the multiple domain definitions; that would be the better point to review how the fallback scenarios are implemented.
> Negotiation/SPNEGO: Fallback to authenticate Form/Basic with ActiveDirectory
> ----------------------------------------------------------------------------
>
> Key: SECURITY-671
> URL: https://issues.jboss.org/browse/SECURITY-671
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Environment: EAP 6.0.0 / JBossAS 7.1.2
> Reporter: Jochen Riedlinger
> Assignee: Darran Lofthouse
>
> Since Version 4 of JBossAS we had our own implementations of a SPNEGOAuthenticator and SPNEGOLoginModule. While trying to migrate to EAP 6 I wanted to switch to your implementation, because it is officially supported.
> Unfortunately I find that your implementation is not yet finished because it lacks a fallback solution that is able to validate username/password from BASIC/FORM authentication with ActiveDirectory.
> Since I had this feature in my old implementation I want to offer to contribute it here to the Negotiation component of the project (unfortunately there is no JIRA component for Negotiation).
> I think this would be valuable for anybody using SPNEGO.
> My implementation would even work for remote-ejb-calls (with plain username/password sent OR when sending a Kerberos ticket in the password field).
> If you are interested I'll upload my code and configuration instructions (RedHat employees can already see it in Support Case 00640390).