[jboss-jira] [JBoss JIRA] (ELY-1312) Further Scoping and Caching Enhancements to the SpnegoAuthenticationMechanism

Darran Lofthouse (JIRA) issues at jboss.org
Fri Jul 28 08:10:00 EDT 2017


    [ https://issues.jboss.org/browse/ELY-1312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13441598#comment-13441598 ] 

Darran Lofthouse commented on ELY-1312:
---------------------------------------

We could even take this slightly further and allow these options to apply to other mechanisms - e.g. FORM authentication could use an alternative SCOPE, e.g. specify SSL Scope, and without an SSLSession FORM authentication is not possible.

This could mean that if your connection is clear, mechanisms such as Digest or SCRAM are possible, but until an SSLSession is established FORM authentication is not possible. It could potentially become a simple form of SSO where a common SSLSession is used across multiple applications.

> Further Scoping and Caching Enhancements to the SpnegoAuthenticationMechanism
> -----------------------------------------------------------------------------
>
>                 Key: ELY-1312
>                 URL: https://issues.jboss.org/browse/ELY-1312
>             Project: WildFly Elytron
>          Issue Type: Enhancement
>          Components: HTTP
>         Environment: #
>            Reporter: Darran Lofthouse
>             Fix For: 1.2.0.Beta1
>
>
> Currently the SpnegoAuthenticationMechanism caches against the connection scope and uses the cached GssContext to recreate the identity.
> We should consider the following: -
> # Using the same cached identity mechanism as is used by FORM authentication.
> # Adding configuration to specify which scope to cache against.
> # Add an option to disable caching entirely; this would need to take into account cases where continuation is required, as that would become unsupported.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

