[jboss-jira] [JBoss JIRA] (ELY-374) Ambiguous application of CredentialCallback
David Lloyd (JIRA)
issues at jboss.org
Thu Nov 19 13:24:00 EST 2015
[ https://issues.jboss.org/browse/ELY-374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Lloyd resolved ELY-374.
-----------------------------
Fix Version/s: 1.1.0.Beta2 (was: 1.1.0.Beta3)
Resolution: Done
> Ambiguous application of CredentialCallback
> -------------------------------------------
>
> Key: ELY-374
> URL: https://issues.jboss.org/browse/ELY-374
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Authentication Mechanisms, Callbacks, SASL
> Reporter: David Lloyd
> Priority: Critical
> Fix For: 1.1.0.Beta2
>
>
> We have a problem where there is an ambiguous application of {{CredentialCallback}}.
> On the client, this callback is used to acquire the credential to use for outbound authentication. On the server, it is used in two ways:
> * For most authentication, it is used to acquire the credential that is used to verify the client identity.
> * For Entity authentication, it is used to acquire the credential that is used to identify the server to the client.
> The reason Entity can get away with this special behavior is that it uses the {{VerifyPeerTrustedCallback}} instead of {{CredentialCallback}} for checking the peer. Unfortunately, it is not easy for a callback handler to know when {{CredentialCallback}} is being used for the host identity versus the authenticating user identity. This needs to be solved ASAP so that we can have server mechanisms that present a host identity as well as acquiring a credential for user authentication.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
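The ambiguity described in the issue, as an added example that is not part of the original message and is not Elytron code. The nested `CredentialCallback` is a simplified stand-in that is assumed to carry only a credential type; `ServerHandler`, both step methods and the sample values are hypothetical.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;

public class CredentialCallbackAmbiguity {
    // Simplified stand-in for the callback named in the issue (not Elytron's class).
    // Assumption: it carries a credential type and nothing about whose credential is wanted.
    static final class CredentialCallback implements Callback {
        final String credentialType;
        Object credential;
        CredentialCallback(String credentialType) { this.credentialType = credentialType; }
    }

    // Hypothetical server-side handler: it receives the same callback type for both uses.
    static final class ServerHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (cb instanceof CredentialCallback) {
                    CredentialCallback cc = (CredentialCallback) cb;
                    // Nothing here says "host identity" or "authenticating user",
                    // so the handler has to guess. This one assumes the user case.
                    cc.credential = "credential-for-verifying-user(" + cc.credentialType + ")";
                }
            }
        }
    }

    // Use 1 from the issue: acquire the credential used to verify the client identity.
    static Object verifyClientStep(CallbackHandler handler) throws Exception {
        CredentialCallback cb = new CredentialCallback("certificate"); // constructed value
        handler.handle(new Callback[] { cb });
        return cb.credential;
    }

    // Use 2 from the issue (Entity): acquire the credential that identifies the server.
    static Object presentHostIdentityStep(CallbackHandler handler) throws Exception {
        CredentialCallback cb = new CredentialCallback("certificate"); // constructed value
        handler.handle(new Callback[] { cb });
        return cb.credential;
    }

    public static void main(String[] args) throws Exception {
        ServerHandler handler = new ServerHandler();
        System.out.println("client verification got: " + verifyClientStep(handler));
        // Same answer as above: the host-identity request is served the user's credential.
        System.out.println("host identity got:       " + presentHostIdentityStep(handler));
    }
}
```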