[jboss-jira] [JBoss JIRA] (ELY-736) Introduce LocalAuthenticationFactory concept and class

David Lloyd (JIRA) issues at jboss.org
Thu Nov 10 16:03:00 EST 2016 

    [ https://issues.jboss.org/browse/ELY-736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13320709#comment-13320709 ] 

David Lloyd commented on ELY-736:
---------------------------------

It's possible that this entire approach is wrong and that we should instead create an isolated local authentication API which uses ServerAuthenticationContext directly based on what is detected from the user's AuthenticationContext.  This must be considered.

> Introduce LocalAuthenticationFactory concept and class
> ------------------------------------------------------
>
>                 Key: ELY-736
>                 URL: https://issues.jboss.org/browse/ELY-736
>             Project: WildFly Elytron
>          Issue Type: Task
>          Components: API / SPI
>            Reporter: David Lloyd
>
> We have a way to handle incoming authentication requests from HTTP, SASL, and TLS sources.  But we don't have an API to handle local server authentication.  We should have a LocalAuthenticationFactory, which implements MechanismAuthenticationFactory for this purpose.
> Using JAAS as a simple model, such an API would require a class that acts as the client's login context (similarly to LoginContext), which when activated, will use the user's local AuthenticationContext to configure the identity and credentials, and yield an SI after successful authentication.
> Because there are many ways in which an authentication can take place, the authentication factory may have to be able to specify or restrict the range of acceptable credential types and algorithms, and even principal types.  Actual local "mechanisms" might or might not be of use to accomplish this, by returning client login contexts which utilize different principal and credential strategies.
> For JAAS compatibility, it may be useful to be able to use this API to create a JAAS LoginModule which can use the local authentication factory to perform JAAS logins, wrapping the SI inside the JAAS Subject in whichever way we decide is correct.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list