[jboss-jira] [JBoss JIRA] (WFLY-1056) Certificate to principal mapping
RH Bugzilla Integration (JIRA)
jira-events at lists.jboss.org
Fri Oct 25 15:44:02 EDT 2013
[ https://issues.jboss.org/browse/WFLY-1056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12825135#comment-12825135 ]
RH Bugzilla Integration commented on WFLY-1056:
-----------------------------------------------
Stefan Guilhen <sguilhen at redhat.com> made a comment on [bug 901309|https://bugzilla.redhat.com/show_bug.cgi?id=901309]
A property to allow configuration of the certificate mapper should have been added to the web subsystem since its inception. Adding it now is not trivial (there is no place to configure the WebRealm in the web subsystem). We could look into adding a system property to allow for the config of the mapper or just use the workaround Derek described above.
I'm setting devel_ack to "-". There is a workaround available and I think we need more time to come up with a proper solution. If anybody thinks that adding a system property is a good idea we can probably code something next week.
> Certificate to principal mapping
> --------------------------------
>
> Key: WFLY-1056
> URL: https://issues.jboss.org/browse/WFLY-1056
> Project: WildFly
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Security
> Reporter: Yves Peter
> Assignee: Anil Saldhana
>
> In JBoss 7 it is no longer possible to configure how a certificate is mapped to a principal using client-cert authentication. The dynamic code was removed in JBoss 7 in the JBossWebRealm and is now hard-coded to use the SubjectDNMapping:
> http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.jbossas/jboss-as-tomcat/6.1.0.Final/org/jboss/web/tomcat/security/JBossWebRealm.java
> http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.as/jboss-as-web/7.0.1.Final/org/jboss/as/web/security/JBossWebRealm.java
> Also, the JBossWebRealm only considers role-mapping modules but no principal-mapping modules.
> We use this to authenticate users against an LDAP server where the DN of the user doesn't match the DN in the LDAP server. Also, it's useful for display purposes in an application.
> An example and some further information are in the linked user forum thread.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira