[jboss-jira] [JBoss JIRA] (ELY-1257) Remove credentials key-pair and public-key-pem from Elytron client configuration file
Ondrej Lukas (JIRA)
issues at jboss.org
Wed Jun 21 03:56:01 EDT 2017
Ondrej Lukas created ELY-1257:
---------------------------------
Summary: Remove credentials key-pair and public-key-pem from Elytron client configuration file
Key: ELY-1257
URL: https://issues.jboss.org/browse/ELY-1257
Project: WildFly Elytron
Issue Type: Bug
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
Based on following discussion with [~dmlloyd]:
{quote}
> - key-pair - what is the reason for this credential element? How it can be used?
This is for key-based authentication mechanisms, like SSH. We're also
developing a key-based SASL mechanism [1] that will hopefully make some
progress in the next quarter (and is open to contribution from all).
> - public-key-pem - I do not understand reason of this credentials on client side. I would be able to understand private-key-pem. Is this element correct or should be removed?
A public key could be used for the purposes of server verification. We
don't yet have a way to establish a means to authenticate servers
though, other than using a trust store; this is something that will
probably be developed in conjunction with [1].
[1] https://github.com/dmlloyd/pk-rfc
{quote}
we suggest to remove {{key-pair}} and {{public-key-pem}} from {{configuration.authentication-client.authentication-configurations.configuration.credentials}} in Elytron client configuration file. We can introduce those credentials once it will be implemented. Provided credentials for mechanisms which are currently not supported in Elytron can be confusing and can result in incorrect client configuration.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list