[jboss-jira] [JBoss JIRA] (WFLY-2850) AJP connector with external authentication

Stuart Douglas (JIRA) issues at jboss.org
Mon Apr 7 03:00:14 EDT 2014 

    [ https://issues.jboss.org/browse/WFLY-2850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12959570#comment-12959570 ] 

Stuart Douglas commented on WFLY-2850:
--------------------------------------

ExternalAuthenticationMechanism is the one I was talking about, it can be enabled by setting the auth-method to EXTERNAL in web.xml. 

This should mean that the picketbox authentication code will be called with the credential set to an instance of io.undertow.security.idm.ExternalCredential, to make this work you will need to provide a LoginModule that just accepts this credential, and then sets up the users roles. If you get a nightly build this should just work, although i have not had a chance to test this yet and I am not sure if I will get time before 8.0.1 is released.
                
> AJP connector with external authentication
> ------------------------------------------
>
>                 Key: WFLY-2850
>                 URL: https://issues.jboss.org/browse/WFLY-2850
>             Project: WildFly
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Web (Undertow)
>    Affects Versions: 8.0.0.CR1
>            Reporter: Geert Coelmont
>            Assignee: Stuart Douglas
>            Priority: Critical
>
> Tomcat allows to set the tomcatAuthentication attribute of the AJP connector to false to allow external web servers (e.g. apache httpd) to handle the authentication and pass that along.
> A similar option was added recently to JBossWeb as well (see WFLY-254), but JBossWeb has been replaced by Undertow. With Undertow this option isn't available as far as I can see.
> For me this is a critical problem as there is currently no way I can do negotiated (SPNEGO) authentication from within WildFly+Undertow. (See also WFLY-2404).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list