[jboss-jira] [JBoss JIRA] (WFLY-1056) Certificate to principal mapping

Fri Aug 19 05:11:00 EDT 2016

    [ https://issues.jboss.org/browse/WFLY-1056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13281217#comment-13281217 ] 

RH Bugzilla Integration commented on WFLY-1056:
-----------------------------------------------

Peter Palaga <ppalaga at redhat.com> changed the Status of [bug 901309|https://bugzilla.redhat.com/show_bug.cgi?id=901309] from NEW to CLOSED

> Certificate to principal mapping
> --------------------------------
>
>                 Key: WFLY-1056
>                 URL: https://issues.jboss.org/browse/WFLY-1056
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Yves Peter
>            Assignee: Anil Saldanha
>
> In JBoss 7 it is no longer possible to configure how a certificate is mapped to a principal using client-cert authentication. The dynamic code was removed in JBoss 7 in the JBossWebRealm and is now hard coded to use the SubjectDNMapping:
> http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.jbossas/jboss-as-tomcat/6.1.0.Final/org/jboss/web/tomcat/security/JBossWebRealm.java
> http://grepcode.com/file/repository.jboss.org/nexus/content/repositories/releases/org.jboss.as/jboss-as-web/7.0.1.Final/org/jboss/as/web/security/JBossWebRealm.java
> Also the JBossWebRealm does only consider role- but no principal-mapping modules.
> We use this to authenticate users against an ldap server where the dn of the user doesn't match the dn in the ldap server. Also it's useful for display purpose in an application.
> An example and some further information is in the linked user form thread.


--
This message was sent by Atlassian JIRA
(v6.4.11#64026)