[security-dev] Undertow / IdentityManager and Digest Authentication
darran.lofthouse at jboss.com
Wed May 1 02:50:26 EDT 2013
Here is another scenario I would like to verify.

So far from what I have seen regarding the Credentials stored by
PicketLink IDM my perception is that the stored Credential is very
closely related to the authentication mechanism that will be used.

So for a set-up where we know that Digest authentication is going to be
used we may store a couple of pre-prepared digests.

Is this stored Credential now available for username / plain text
password authentication, i.e. could a web application be deployed with
FORM auth and verify a credential with a plain text password even though
it is a prepared digest stored?