[security-dev] Undertow / IdentityManager and Digest Authentication

Shane Bryzak sbryzak at redhat.com
Wed May 1 04:51:23 EDT 2013


On 01/05/13 16:50, Darran Lofthouse wrote:
> Here is another scenario I would like to verify.
>
> So far from what I have seen regarding the Credentials stored by
> PicketLink IDM my perception is that the stored Credential is very
> closely related to the authentication mechanism that will be used.
>
> So for a set-up where we know that Digest authentication is going to be
> used we may store a couple of pre-prepared digests.
>
> Is this stored Credential now available for username / plain text
> password authentication i.e. Could a web application be deployed with
> FORM auth and verify a credential with a plain text password even though
> it is a prepared digest stored?

Absolutely, the CredentialHandler is free to implement any logic you 
want it to.  The way it accesses the stored credential values is via the 
CredentialStore [1] interface, which is an interface that an 
IdentityStore may *optionally* implement if it wants to (both the JPA 
and File based identity stores in PicketLink implement it, but the LDAP 
store doesn't).  So a CredentialHandler is free to query whichever 
stored credential state it needs to.  This means you could use a 
combination of digest AND password based authentication in the same 
application, and even for the same users; there would simply be two 
separate CredentialHandlers which do the validation - one for digests, 
one for passwords.


[1] 
https://github.com/picketlink/picketlink/blob/master/idm/api/src/main/java/org/picketlink/idm/spi/CredentialStore.java

>
> Regards,
> Darran Lofthouse.
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
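The answer above (a digest-only store can still back plaintext-password validation, because HA1 is just MD5(user:realm:password) and can be recomputed) as an added Python sketch. This is not PicketLink code and does not use its API: the `CredentialStore`, the two handlers, the realm, nonces and user are all hypothetical stand-ins constructed for the demo, and the Digest arithmetic follows RFC 2617 with qop=auth.

```python
import hashlib
import hmac

REALM = "example-realm"  # constructed realm; HA1 is bound to it, so both handlers must agree on it


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617 HA1: the "pre-prepared digest" a store would keep instead of the password
    return md5hex(f"{username}:{realm}:{password}")


class CredentialStore:
    """Hypothetical store that keeps only HA1 digests, never the plaintext password."""

    def __init__(self):
        self._ha1 = {}

    def store_digest(self, username, realm, password):
        self._ha1[(username, realm)] = ha1(username, realm, password)

    def retrieve_digest(self, username, realm):
        return self._ha1.get((username, realm))


class DigestCredentialHandler:
    """Validates an HTTP Digest response (qop=auth) against the stored HA1."""

    def validate(self, store, username, realm, method, uri, nonce, nc, cnonce, response):
        stored = store.retrieve_digest(username, realm)
        if stored is None:
            return False
        ha2 = md5hex(f"{method}:{uri}")
        expected = md5hex(f"{stored}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
        return hmac.compare_digest(expected, response)  # constant-time compare


class PasswordCredentialHandler:
    """Validates a plaintext password (FORM login) against the same stored HA1 by recomputing it."""

    def validate(self, store, username, realm, password):
        stored = store.retrieve_digest(username, realm)
        if stored is None:
            return False
        return hmac.compare_digest(stored, ha1(username, realm, password))


def client_digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    # What a browser sends in the Authorization header's response= field (constructed client side).
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1(username, realm, password)}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def demo():
    store = CredentialStore()
    store.store_digest("alice", REALM, "correct horse")  # only the digest is retained
    nonce, nc, cnonce = "constructed-nonce", "00000001", "abc"
    resp = client_digest_response("alice", REALM, "correct horse", "GET", "/app", nonce, nc, cnonce)
    digest_ok = DigestCredentialHandler().validate(store, "alice", REALM, "GET", "/app", nonce, nc, cnonce, resp)
    form_ok = PasswordCredentialHandler().validate(store, "alice", REALM, "correct horse")
    form_bad = PasswordCredentialHandler().validate(store, "alice", REALM, "wrong")
    return digest_ok, form_ok, form_bad
```

Note that the plaintext handler only works because the store records which realm each digest was prepared for; a digest prepared under a different realm cannot verify a FORM password for that realm.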
