[jboss-jira] [JBoss JIRA] (ELY-374) Ambiguous application of CredentialCallback
David Lloyd (JIRA)
issues at jboss.org
Wed Nov 18 18:25:00 EST 2015
David Lloyd created ELY-374:
-------------------------------
Summary: Ambiguous application of CredentialCallback
Key: ELY-374
URL: https://issues.jboss.org/browse/ELY-374
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Mechanisms, Callbacks, SASL
Reporter: David Lloyd
Priority: Critical
Fix For: 1.1.0.Beta3
We have a problem where there is an ambiguous application of {{CredentialCallback}}.
On the client, this callback is used to acquire the credential to use for outbound authentication. On the server, it is used in two ways:
* For most authentication, it is used to acquire the credential that is used to verify the client identity.
* For Entity authentication, it is used to acquire the credential that is used to identify the server to the client.
The reason Entity can get away with this special behavior is that it uses the {{VerifyPeerTrustedCallback}} instead of {{CredentialCallback}} for checking the peer. Unfortunately, it is not easy for a callback handler to know when {{CredentialCallback}} is being used for the host identity versus the authenticating user identity. This needs to be solved ASAP so that we can have server mechanisms that present a host identity as well as acquiring a credential for user authentication.
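The ambiguity described in the report, as an added example that is not part of the original message and not Elytron code: the nested `CredentialCallback` class is a simplified stand-in for Elytron's callback, and the handler, credential strings and method names are constructed for illustration. It shows that a server-side handler receives an identical request whether the mechanism wants the credential to verify the client or the credential that identifies the server.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;

public class CredentialCallbackAmbiguity {

    // Simplified stand-in for Elytron's CredentialCallback (assumption: the real
    // class has a richer API; only "one callback type, one answer" matters here).
    static final class CredentialCallback implements Callback {
        private Object credential;
        void setCredential(Object c) { credential = c; }
        Object getCredential() { return credential; }
    }

    // Constructed sample data: the server's own key and one user's stored secret.
    static final String HOST_KEY = "host-private-key (constructed)";
    static final String USER_SECRET = "alice-stored-password (constructed)";

    // A server-side handler sees only the callback type, so it must pick one
    // meaning. This one assumes "credential used to verify the client".
    static final CallbackHandler SERVER_HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof CredentialCallback) {
                ((CredentialCallback) cb).setCredential(USER_SECRET);
            }
        }
    };

    // Both mechanism styles issue the identical request.
    static Object requestCredential(CallbackHandler handler) throws Exception {
        CredentialCallback cb = new CredentialCallback();
        handler.handle(new Callback[] { cb });
        return cb.getCredential();
    }

    public static void main(String[] args) throws Exception {
        // Most mechanisms: want the credential that verifies the client identity.
        Object forVerification = requestCredential(SERVER_HANDLER);
        // Entity-style mechanism: wants the credential that identifies the server.
        Object forHostIdentity = requestCredential(SERVER_HANDLER);

        System.out.println("verify-client request -> " + forVerification);
        System.out.println("host-identity request -> " + forHostIdentity);
        // Same answer for both: the second request needed HOST_KEY.
        System.out.println("ambiguous: " + forVerification.equals(forHostIdentity));
    }
}
```

When reviewing a handler for this class of bug, check whether any server mechanism can be handed a user's verification credential where it expected the host's own key, or the reverse.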