  1. WildFly Elytron
  2. ELY-1330

Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.1.0.CR6, 1.2.0.Beta1
    • Component/s: None
    • Labels:
      None

      Description

      Using the GS2-KRB5-PLUS mechanism should be forced when channel binding is possible (server-ssl-context is used), and GS2-KRB5 should not be allowed in such a case.

      Currently the GS2-KRB5 authentication passes even if the SSL server context is used (channel binding possible).

      This is a follow-up to JBEAP-11396 and JBEAP-12231, which were aimed at SCRAM PLUS mechanisms. Most of the related discussion takes place on JBEAP-11396.
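
The rule requested in the description, written as a stand-alone server-side mechanism filter. This is an added example, not WildFly Elytron code or the fix applied for this issue; the class name, method names and the configured mechanism list are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Hypothetical helper: not part of the Elytron API.
public class PlusMechanismPolicy {
    private static final String PLUS_SUFFIX = "-PLUS";

    /**
     * Returns the mechanisms the server may offer. When channel binding is
     * possible (the connection runs over TLS), a non-PLUS mechanism is dropped
     * if its -PLUS variant is also configured.
     */
    static List<String> allowedMechanisms(List<String> configured, boolean channelBindingPossible) {
        Set<String> names = new LinkedHashSet<>(configured);
        List<String> allowed = new ArrayList<>();
        for (String name : names) {
            boolean isPlus = name.endsWith(PLUS_SUFFIX);
            if (channelBindingPossible) {
                // e.g. drop GS2-KRB5 when GS2-KRB5-PLUS is available
                if (!isPlus && names.contains(name + PLUS_SUFFIX)) continue;
            } else {
                // no TLS channel to bind to, so a -PLUS mechanism cannot succeed
                if (isPlus) continue;
            }
            allowed.add(name);
        }
        return allowed;
    }

    /** Re-checks the mechanism the client actually selected, not only what was advertised. */
    static boolean accept(String selected, List<String> configured, boolean channelBindingPossible) {
        return allowedMechanisms(configured, channelBindingPossible).contains(selected);
    }

    public static void main(String[] args) {
        // Constructed sample configuration; PLAIN has no -PLUS variant and is kept.
        List<String> configured = Arrays.asList(
                "GS2-KRB5", "GS2-KRB5-PLUS", "SCRAM-SHA-1", "SCRAM-SHA-1-PLUS", "PLAIN");
        System.out.println("TLS:    " + allowedMechanisms(configured, true));
        System.out.println("no TLS: " + allowedMechanisms(configured, false));
        System.out.println("GS2-KRB5 over TLS accepted? " + accept("GS2-KRB5", configured, true));
    }
}
```

The `accept` check matters because a client can name a mechanism the server did not advertise; filtering the offered list alone would still let GS2-KRB5 through.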

                People

                • Assignee:
                  fjuma Farah Juma
                  Reporter:
                  jcacek Josef Cacek
                • Votes:
                  0
                  Watchers:
                  1
