[jboss-jira] [JBoss JIRA] (ELY-1921) [GSS][7.2.2] HTTP External Security Not Supported by Elytron
Ashley Abdel-Sayed (Jira)
issues at jboss.org
Mon Jan 20 10:13:24 EST 2020
Ashley Abdel-Sayed created ELY-1921:
---------------------------------------
Summary: [GSS][7.2.2] HTTP External Security Not Supported by Elytron
Key: ELY-1921
URL: https://issues.redhat.com/browse/ELY-1921
Project: WildFly Elytron
Issue Type: Requirement
Affects Versions: 1.11.0.Final
Reporter: Ashley Abdel-Sayed
Assignee: Ashley Abdel-Sayed
For legacy security, there's an EXTERNAL HTTP authentication mechanism (io.undertow.security.impl.ExternalAuthenticationMechanism) which performs no verification and simply uses the principal that was passed from the REMOTE_USER attribute by the AJP protocol. There is a "ClientLoginModule" in legacy security used as such: https://access.redhat.com/solutions/3465231. It is a requirement to add an equivalent of this EXTERNAL mechanism available in legacy and Elytron-SASL for Elytron-HTTP in order to migrate away from legacy security.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list