[jboss-jira] [JBoss JIRA] (ELY-1208) Elytron dir-context ignores protocol, host and port options from Authentication Configuration

Ondrej Lukas (JIRA) issues at jboss.org
Tue May 30 06:20:00 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1208?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ondrej Lukas updated ELY-1208:
------------------------------
    Description: 
When Elytron {{dir-context}} uses {{authentication-context}} and obtains an authentication configuration from it, the dir context ignores the protocol, host and port options obtained from the authentication configuration. The original {{dir-context.url}} is used without any change.

It means that an authentication client like the following cannot be used with dir context:
{code}
<authentication-client>
    <authentication-configuration name="unsecureConfig" authentication-name="uid=admin,ou=system">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-configuration name="secureConfig" authentication-name="uid=admin,ou=system" protocol="ldaps" port="10636">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-context name="authCtx">
        <match-rule match-purpose="secure" authentication-configuration="secureConfig"/>
        <match-rule authentication-configuration="unsecureConfig"/>
    </authentication-context>
</authentication-client>
...
<dir-contexts>
    <dir-context name="dir-context" url="ldap://127.0.0.1:10389" authentication-context="authCtx"/>
</dir-contexts>
{code}


  was:
When Elytron {{dir-context}} uses {{authentication-context}} and obtains an authentication configuration from it, the dir context ignores the protocol, host and port options obtained from the authentication configuration. The original {{dir-context.url}} is used without any change.

It means that an authentication client like the following cannot be used with dir context:
{code}
<authentication-client>
    <authentication-configuration name="unsecureConfig" authentication-name="uid=admin,ou=system">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-configuration name="secureConfig" authentication-name="uid=admin,ou=system" protocol="ldaps" port="10636">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-context name="authCtx">
        <match-rule match-purpose="secure" authentication-configuration="secureConfig"/>
        <match-rule authentication-configuration="unsecureConfig"/>
    </authentication-context>
</authentication-client>
...
<dir-contexts>
    <dir-context name="dir-context" url="ldap://127.0.0.1:10389" authentication-context="authCtx"/>
</dir-contexts>
{code}

We request blocker since {{dir-context}} is not able to use the features which are provided by {{authentication-context}}, which means a lack of features for {{dir-context}} and can be confusing for users.



> Elytron dir-context ignores protocol, host and port options from Authentication Configuration
> ---------------------------------------------------------------------------------------------
>
>                 Key: ELY-1208
>                 URL: https://issues.jboss.org/browse/ELY-1208
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.1.0.Beta47
>            Reporter: Ondrej Lukas
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> When Elytron {{dir-context}} uses {{authentication-context}} and obtains an authentication configuration from it, the dir context ignores the protocol, host and port options obtained from the authentication configuration. The original {{dir-context.url}} is used without any change.
> It means that an authentication client like the following cannot be used with dir context:
> {code}
> <authentication-client>
>     <authentication-configuration name="unsecureConfig" authentication-name="uid=admin,ou=system">
>         <credential-reference clear-text="secret"/>
>     </authentication-configuration>
>     <authentication-configuration name="secureConfig" authentication-name="uid=admin,ou=system" protocol="ldaps" port="10636">
>         <credential-reference clear-text="secret"/>
>     </authentication-configuration>
>     <authentication-context name="authCtx">
>         <match-rule match-purpose="secure" authentication-configuration="secureConfig"/>
>         <match-rule authentication-configuration="unsecureConfig"/>
>     </authentication-context>
> </authentication-client>
> ...
> <dir-contexts>
>     <dir-context name="dir-context" url="ldap://127.0.0.1:10389" authentication-context="authCtx"/>
> </dir-contexts>
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
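
Added example (not part of the original message and not Elytron code): a static check that lists every protocol, host or port option in an authentication configuration that differs from the URL of a dir-context referencing it, which are the options the report says are ignored. The <elytron> wrapper element, the trimmed sample and the function names are assumptions made for illustration; all rules of the referenced context are checked, without modelling which rule Elytron would select.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the issue's fragment, credential-reference omitted,
# wrapped in a hypothetical <elytron> root so it parses as one document.
SAMPLE = """<elytron>
  <authentication-client>
    <authentication-configuration name="unsecureConfig" authentication-name="uid=admin,ou=system"/>
    <authentication-configuration name="secureConfig" authentication-name="uid=admin,ou=system" protocol="ldaps" port="10636"/>
    <authentication-context name="authCtx">
      <match-rule match-purpose="secure" authentication-configuration="secureConfig"/>
      <match-rule authentication-configuration="unsecureConfig"/>
    </authentication-context>
  </authentication-client>
  <dir-contexts>
    <dir-context name="dir-context" url="ldap://127.0.0.1:10389" authentication-context="authCtx"/>
  </dir-contexts>
</elytron>"""

def _named(parent, name):
    """Descendants with the given local tag name, with or without an XML namespace."""
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def ignored_overrides(xml_text):
    """Return (dir-context, configuration, option, URL value, configured value)
    for each protocol/host/port option that differs from the dir-context URL."""
    root = ET.fromstring(xml_text)
    configs = {c.get("name"): c for c in _named(root, "authentication-configuration")}
    contexts = {c.get("name"): c for c in _named(root, "authentication-context")}
    findings = []
    for dc in _named(root, "dir-context"):
        ctx = contexts.get(dc.get("authentication-context"))
        if ctx is None:
            continue  # dir-context without an authentication-context: nothing to compare
        url = urlsplit(dc.get("url", ""))
        from_url = {"protocol": url.scheme, "host": url.hostname,
                    "port": str(url.port) if url.port else None}
        for rule in _named(ctx, "match-rule"):
            cfg = configs.get(rule.get("authentication-configuration"))
            if cfg is None:
                continue
            for opt, url_value in from_url.items():
                wanted = cfg.get(opt)
                if wanted is not None and wanted != url_value:
                    findings.append((dc.get("name"), cfg.get("name"), opt, url_value, wanted))
    return findings

if __name__ == "__main__":
    for name, cfg, opt, url_value, wanted in ignored_overrides(SAMPLE):
        print("dir-context %r: %s sets %s=%r but the URL uses %r" % (name, cfg, opt, wanted, url_value))
```

On the sample, the check reports the protocol and port options of secureConfig, since the dir-context URL stays on ldap and port 10389.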