[teiid-issues] [JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule
Steven Hawkins (JIRA)
issues at jboss.org
Thu Nov 10 10:58:00 EST 2016
[ https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13320512#comment-13320512 ]
Steven Hawkins commented on TEIID-4561:
---------------------------------------
> You do not have access to Subject here, at least I think did not find a way access the Subject object, because there is no JAAS based security.
So keycloak is performing a non-JAAS authentication, but is not providing a Subject. Can you clarify when the KeycloakLoginModule comes into play?
> In OAuth20LoginModule also I do not we have access to a Subject, but we will have capability to create Subject and associate credential for JEE pattern.
I'm not following you here. There will be a Subject when OAuth20LoginModule is used to secure a data source on the call to the data source. Are you talking about a different point in the flow?
> Deprecate the PassthroughIdentityLoginModule
> --------------------------------------------
>
> Key: TEIID-4561
> URL: https://issues.jboss.org/browse/TEIID-4561
> Project: Teiid
> Issue Type: Quality Risk
> Components: Server
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 9.2
>
>
> The delegation capability of the PassthroughIdentityLoginModule can be associated with the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of the KerberosLoginModule). Also the OAuthCredentialContext should be changed to use the Subject private credentials rather than a ThreadLocal.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the teiid-issues
mailing list