[jboss-jira] [JBoss JIRA] (ELY-175) SASL mechanism availability should take into account credential support.
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Jul 31 13:08:02 EDT 2015
[ https://issues.jboss.org/browse/ELY-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse resolved ELY-175.
----------------------------------
Resolution: Done
> SASL mechanism availability should take into account credential support.
> ------------------------------------------------------------------------
>
> Key: ELY-175
> URL: https://issues.jboss.org/browse/ELY-175
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: SASL
> Reporter: Darran Lofthouse
> Assignee: David Lloyd
> Fix For: 1.0.0.Alpha3
>
>
> One of the main reasons for having a getCredentialSupport API is so that we select appropriate authentication mechanisms based on the credentials available to us or the level of validation possible.
> This should also consider advertising all variants of a mechanism or strongest only.
> I will mention it here but we may want as a separate task some form of downgrade detection as this could be a sign of a malicious MITM.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list