[jboss-jira] [JBoss JIRA] (ELY-178) Domain to domain identity propagation
Farah Juma (JIRA)
issues at jboss.org
Thu Apr 14 13:28:00 EDT 2016
[ https://issues.jboss.org/browse/ELY-178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farah Juma updated ELY-178:
---------------------------
Git Pull Request: https://github.com/wildfly-security/wildfly-elytron/pull/396, https://github.com/wildfly-security/wildfly-elytron/pull/400, https://github.com/wildfly-security/wildfly-elytron/pull/409 (was: https://github.com/wildfly-security/wildfly-elytron/pull/396, https://github.com/wildfly-security/wildfly-elytron/pull/400)
> Domain to domain identity propagation
> -------------------------------------
>
> Key: ELY-178
> URL: https://issues.jboss.org/browse/ELY-178
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: Realms
> Reporter: Darran Lofthouse
> Assignee: Farah Juma
> Fix For: 1.1.0.CR1
>
>
> At the lowest level a users identity is associated with a single SecurityRealm, two accounts that authenticated against different realms will never be considered equal.
> However on top of this we have the security domains, a security domain amongst other things is an aggregation of realms. Incoming server connections and also applications can be associated with a security domain. However we still have the following two scenarios of a call to complete the consideration for: -
> Connection -> Deployment
> Deployment -> Deployment
> In the first case the connection may be associated with a security domain with a large set of realms, however the deployment may be associated with a smaller set of realms. In the case that the realm is in both of these domains we need the identity to be able to automatically propagate.
> Same for deployment to deployment calls, if there is a common realm the identity should propagate.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list