[jboss-jira] [JBoss JIRA] (WFLY-12133) Enhanced mapping of X509Certificate to the underlying identity

Farah Juma (Jira) issues at jboss.org
Mon May 27 17:28:00 EDT 2019


     [ https://issues.jboss.org/browse/WFLY-12133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma moved EAP7-1267 to WFLY-12133:
-----------------------------------------

                          Project: WildFly  (was: EAP 7 Planning Pilot)
                              Key: WFLY-12133  (was: EAP7-1267)
                       Issue Type: Feature Request  (was: Requirement)
                         Workflow: GIT Pull Request workflow   (was: EAP Agile Workflow 2.0)
                      Component/s: Security
                                       (was: Security)
                Analysis Document:   (was: https://github.com/wildfly/wildfly-proposals/pull/203)
                   EAP Testing By:   (was: QE)
          EAP PT Pre-Checked (PC):   (was: TODO)
                   Target Release:   (was: 7.3.0.GA)
       EAP PT Community Docs (CD):   (was: TODO)
         EAP PT Product Docs (PD):   (was: New)
             EAP PT Test Dev (TD):   (was: TODO)
        EAP PT Docs Analysis (DA):   (was: TODO)
            EAP PT Test Plan (TP):   (was: In Progress)
    EAP PT Analysis Document (AD):   (was: Approved)
                           Writer:   (was: Chuck Copello)


> Enhanced mapping of X509Certificate to the underlying identity
> --------------------------------------------------------------
>
>                 Key: WFLY-12133
>                 URL: https://issues.jboss.org/browse/WFLY-12133
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Major
>              Labels: CD17-Deferred, EAP-CD18, Previous_RFE
>
> Where authentication is using a Principal we have a lot of opportunities to map / rewrite the principal name - where using 'X509PeerCertificateChainEvidence' we have no such opportunity and pass this directly to the SecurityRealm.
> We have a customer example where the id to resolve the identity can come from a portion of the certificate's common name or alternatively a subject alternative name.
> The customer example is using LDAP so we could handle the decoding within the LDAP realm only - or we could add a more generic evidence decoder support.
> A single installation could use multiple formats so we may want to consider how to handle multiple formats.



--
This message was sent by Atlassian Jira
(v7.12.1#712002)