[jboss-jira] [JBoss JIRA] (ELY-446) Additional fields on SecurityIdentity
David Lloyd (JIRA)
issues at jboss.org
Mon Mar 14 12:17:00 EDT 2016
[ https://issues.jboss.org/browse/ELY-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13176272#comment-13176272 ]
David Lloyd commented on ELY-446:
---------------------------------
Credential forwarding should cover the following scenarios:
* Propagating a clear password (like old JAAS/PicketBox propagation), either from the stored identity or discovered during the mechanism execution (the latter will require a separate enhancement to provide an API by which mechanisms may share this information)
* Propagating stored credentials for GSS mechanisms (e.g. Kerberos)
* Propagating stored credentials for other mechanisms (e.g. tokens of various kinds)
And the following requirements:
* Stored credential propagation has to be accessible from an AuthenticationConfiguration to support outflow via PeerIdentity and other means
* Stored credentials must only be accessible to suitably privileged code
> Additional fields on SecurityIdentity
> -------------------------------------
>
> Key: ELY-446
> URL: https://issues.jboss.org/browse/ELY-446
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: API / SPI
> Reporter: David Lloyd
> Assignee: David Lloyd
>
> The following useful properties could be added to SecurityIdentity:
> * Identity creation time (the time when the identity itself is created, whether by login or by run-as)
> * Authentication information, including:
> ** Login timestamp (the time of the original authentication)
> ** Login mechanism & kind (SASL/HTTP/TLS etc.)
> ** Login protocol (HTTP/Remoting/etc.) incl. enclosing TLS information if any
> * Authentication identity information, including:
> ** Original authentication name
> ** Authentication forwarding credential(s)
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)