[teiid-issues] [JBoss JIRA] (TEIID-4561) Deprecate the PassthroughIdentityLoginModule
Steven Hawkins (JIRA)
issues at jboss.org
Fri Nov 11 16:40:00 EST 2016
[ https://issues.jboss.org/browse/TEIID-4561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13321376#comment-13321376 ]
Steven Hawkins commented on TEIID-4561:
---------------------------------------
> There is no KeycloakLoginModule used, if one exists I am not sure what it does (yet). Also, so far we have only used Keycloak for OAuth2, SAML purposes only, not general authentication framework, that role is still done by jboss pickletlink.
It's referenced in both https://teiid.gitbooks.io/documents/content/security/OAuth2_Based_Security_For_OData_Using_KeyCloak.html and https://teiid.gitbooks.io/documents/content/security/SAML_Based_Security_For_OData_Using_KeyCloak.html
> no, I am saying a new Subject is created here, not passed from another layer, and access token is added as a private credential
A Subject is passed into initialize and should be the one that is the current Subject for the Teiid thread accessing the data source correct?
Also it does appear that the OAuth20LoginModule is using the same logic as the PassthroughLoginModule to later obtain the callerSubject in the login method.
> Deprecate the PassthroughIdentityLoginModule
> --------------------------------------------
>
> Key: TEIID-4561
> URL: https://issues.jboss.org/browse/TEIID-4561
> Project: Teiid
> Issue Type: Quality Risk
> Components: Server
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 9.2
>
>
> The delegation capability of the PassthroughIdentityLoginModule can be associated with the underlying OAuth10/20 login modules (similar to the delegationCredential behavior of the KerberosLoginModule). Also the OAuthCredentialContext should be changed to use the Subject private credentials rather than a ThreadLocal.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the teiid-issues
mailing list