[jboss-jira] [JBoss JIRA] (WFLY-12133) Add documentation for enhanced mapping of X509Certificate to the underlying identity
Farah Juma (Jira)
issues at jboss.org
Mon May 27 17:29:00 EDT 2019
[ https://issues.jboss.org/browse/WFLY-12133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farah Juma updated WFLY-12133:
------------------------------
Description: Presently we support decoding the distinguished name; however, there are requests to use alternatives such as the subject alternative name. (was: Where authentication is using a Principal we have a lot of opportunities to map / rewrite the principal name - where using 'X509PeerCertificateChainEvidence' we have no such opportunity and pass this directly to the SecurityRealm.
We have a customer example where the id to resolve the identity can come from a portion of the certificate's common name or alternatively a subject alternative name.
The customer example is using LDAP so we could handle the decoding within the LDAP realm only - or we could add a more generic evidence decoder support.
A single installation could use multiple formats so we may want to consider how to handle multiple formats.)
> Add documentation for enhanced mapping of X509Certificate to the underlying identity
> ------------------------------------------------------------------------------------
>
> Key: WFLY-12133
> URL: https://issues.jboss.org/browse/WFLY-12133
> Project: WildFly
> Issue Type: Feature Request
> Components: Security
> Reporter: Farah Juma
> Assignee: Farah Juma
> Priority: Major
> Labels: CD17-Deferred, EAP-CD18, Previous_RFE
>
> Presently we support decoding the distinguished name; however, there are requests to use alternatives such as the subject alternative name.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)