[jboss-jira] [JBoss JIRA] (WFCORE-2373) Elytron DIGEST misconfiguration not handled

Kabir Khan (JIRA) issues at jboss.org
Tue May 9 09:27:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-2373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kabir Khan resolved WFCORE-2373.
--------------------------------
    Fix Version/s: 3.0.0.Beta19
       Resolution: Done


> Elytron DIGEST misconfiguration not handled
> -------------------------------------------
>
>                 Key: WFCORE-2373
>                 URL: https://issues.jboss.org/browse/WFCORE-2373
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Martin Choma
>            Priority: Critical
>              Labels: user_experience
>             Fix For: 3.0.0.Beta19
>
>
> When realm name from web.xml and server configuration differs, user is not informed about that fact. 
> Could misconfiguration be handled by failing during application deployment as application requirement could not be satisfied?
> {code:title=web.xml}
>   <login-config>
>       <auth-method>DIGEST</auth-method>
>       <realm-name>Secured kingdom</realm-name>
>   </login-config>
> {code}
> {code:title=standalone-elytron.xml}
> <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
>     <mechanism-configuration>
>         <mechanism mechanism-name="DIGEST">
>             <mechanism-realm realm-name="ApplicationRealm"/>
>         </mechanism>
>     </mechanism-configuration>
> </http-authentication-factory>
> {code}
> {code:title=server.log}
> 17:06:18,278 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback
> 17:06:18,282 TRACE [org.wildfly.security] (default task-1) New nonce generated AAAAAQAAGoxim7G7FMLLnVddA7s69JDh5sRsiZ5aEDhg7qf+dB2Rjs7xwrg=, using seed Secured kingdom
> 17:06:22,308 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback
> 17:06:22,311 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling RealmCallback: selected = [Secured kingdom]
> 17:06:22,314 TRACE [org.wildfly.security] (default task-2) New nonce generated AAAAAgAAGo1TCzTJDpmA8HsI2fS4ZfJ60KbECZU6edCP9UepmGnyV93iP6c=, using seed Secured kingdom
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list