[jboss-jira] [JBoss JIRA] (ELY-1218) Elytron sasl-mechanism-selector token #MUTUAL incorrectly requires SSL context
Ondrej Lukas (JIRA)
issues at jboss.org
Fri Jun 2 01:38:00 EDT 2017
Ondrej Lukas created ELY-1218:
---------------------------------
Summary: Elytron sasl-mechanism-selector token #MUTUAL incorrectly requires SSL context
Key: ELY-1218
URL: https://issues.jboss.org/browse/ELY-1218
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
Token #MUTUAL should work as follow:
_{{#MUTUAL}} - matches all mechanisms which authenticate the server in some way (this might just mean, making the server prove that the server knows the password); currently matches {{#FAMILY(SCRAM)}} and {{#FAMILY(GS2)}} but may be adjusted in the future as new mechanisms are available._ [1]
However it also incorrectly requires SSL context to be used, in {{SaslMechanismPredicate.MUTUAL}} [2] see:
{code}
boolean test(final String mechName, final SSLSession sslSession) {
return sslSession != null && SaslMechanismInformation.MUTUAL.test(mechName);
}
{code}
SSL context should not be required for {{#FAMILY(SCRAM)}} or {{#FAMILY(GS2)}}.
[1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13408238
[2] https://github.com/wildfly-security/wildfly-elytron/blob/03e583dd476dbbdf05e3c852d34e191f181038aa/src/main/java/org/wildfly/security/sasl/SaslMechanismPredicate.java#L185
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list