[jboss-jira] [JBoss JIRA] (AS7-5246) Allow for SSL LDAP connection in security realms.

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Mon Nov 12 08:39:18 EST 2012


     [ https://issues.jboss.org/browse/AS7-5246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated AS7-5246:
----------------------------------

    Description: 
Within domain management where we define outbound connections to LDAP directory servers we require the ability to configure key and trust stores for the connection - presently we rely on JVM global configuration for these.

To access the directory servers we construct an InitialDirContext, by default this does not have SSL settings - to overcome this we may be able to make use of a custom SSLSocketFactory for opening the connection to the server with our custom key and trust store settings.

We need to provide support for the following scenarios: -

- Present day situation relying on username / password authentication and global SSL settings.

- Independently specifying key and trust stores.

- Server's key being mandatory but not used for authentication.
  In that case the server's key can be used for both the search connection and the password testing connection.

- Server key being used for authentication.
  No password will be sent for the search connection but the password test connection must not use the key and must instead use the user's password.


  was:
The LDAP connections used for authentication should allow for SSL connections.

This will require some planning as on one hand we have the option for the server to authenticate based on its private key but there also needs to be a username / password based connection to verify the user.


    
> Allow for SSL LDAP connection in security realms.
> -------------------------------------------------
>
>                 Key: AS7-5246
>                 URL: https://issues.jboss.org/browse/AS7-5246
>             Project: Application Server 7
>          Issue Type: Feature Request
>          Components: Domain Management
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>            Priority: Critical
>             Fix For: 7.2.0.Alpha1
>
