-
Bug
-
Resolution: Done
-
Blocker
-
1.1.0.Beta48
-
None
For SASL and HTTP mechanisms it is possible to define realm-mapping as part of *-authentication-factory. But this cannot be used for EXTERNAL/CLIENT_CERT mechanism, because ServerAuthenticationContext is not constructed by mechanism but by SecurityDomainTrustManager - without relation to any *-authentication-factory.
It can be misleading for user, that EXTERNAL mechanism is present in sasl-authentication-factory, but if realm-mapper is defined here, it is ignored: (because SSL authentication finish before any SASL is initiated)
<sasl-authentication-factory name="client-cert-digest" sasl-server-factory="configured" security-domain="client-cert-domain"> <mechanism-configuration> <mechanism mechanism-name="EXTERNAL" realm-mapper="key-store-realm"/> </mechanism-configuration> </sasl-authentication-factory>
Should be considered adding way how to pass realm-mapper into SSL authentication - maybe add realm-mapper attribute into server-ssl-context definition?
- clones
-
JBEAP-11177 Unable to define realm-mapping for TrustManager based auth
- Closed