[teiid-issues] [JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule

Ramesh Reddy (JIRA) issues at jboss.org
Wed Nov 9 20:16:00 EST 2016


    [ https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13319943#comment-13319943 ] 

Ramesh Reddy commented on TEIID-4561:
-------------------------------------

 When a client call comes into the web layer, it redirects the call to the identity server (Keycloak), then the client negotiates the AccessToken. OAuthFilter is where Teiid checks the Access Token in the HTTP header. It is expected that by the time OAuthFilter is called, the authentication is already done, and the AccessToken is sent with the call. You do not have access to the Subject here, at least I think I did not find a way to access the Subject object, because there is no JAAS based security. In OAuth20LoginModule also I do not think we have access to a Subject, but we will have the capability to create a Subject and associate a credential for the JEE pattern.

> Deprecate the PassthroughIdentityLoginModule
> --------------------------------------------
>
>                 Key: TEIID-4561
>                 URL: https://issues.jboss.org/browse/TEIID-4561
>             Project: Teiid
>          Issue Type: Quality Risk
>          Components: Server
>            Reporter: Steven Hawkins
>            Assignee: Steven Hawkins
>             Fix For: 9.2
>
>
> The delegation capability of the PassthroughIdentityLoginModule can be associated with the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of the KerberosLoginModule).  Also the OAuthCredentialContext should be changed to use the Subject private credentials rather than a ThreadLocal.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

