Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1519

Make restore of SecurityIdentity on replicated session configurable

    XMLWordPrintable

Details

    • Hide

      clones of testNodeRestart, testFailover, testChangeNode from SPNEGOSessionManualHaTest using new flag

       git clone git@gitlab.mw.lab.eng.bos.redhat.com:jbossqe-eap/tests-ldap-kerberos.git
./build-eap71.sh -Deap -Dversion.jboss.bom=7.2.0.EL12.Beta1 -Dversion.wildfly.core=4.0.0.Beta1-redhat-1 -Dmaven.repo.local=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2.0.EL12.Beta1-maven-repository/maven-repository -Djboss.dist=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2 -Dtest=SPNEGOSessionManualHaTest
      Show
      clones of testNodeRestart, testFailover, testChangeNode from SPNEGOSessionManualHaTest using new flag git clone git@gitlab.mw.lab.eng.bos.redhat.com:jbossqe-eap/tests-ldap-kerberos.git ./build-eap71.sh -Deap -Dversion.jboss.bom=7.2.0.EL12.Beta1 -Dversion.wildfly.core=4.0.0.Beta1-redhat-1 -Dmaven.repo.local=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2.0.EL12.Beta1-maven-repository/maven-repository -Djboss.dist=/home/mchoma/eap/7.2.0.EL12.ER1/jboss-eap-7.2 -Dtest=SPNEGOSessionManualHaTest

    Description

      Currently in clustered environment Security Identity is restored during

      • failover
      • load balancer change node (not sticky behaviour)
      • session passivation/activation

      This is mainly expected and good. It ensures performance gain because no additional SPNEGO negotiation is performed. But it can make troubles for kerberos ticket propagation, as kerberos ticket can't be serialized and restored.

      So idea is to have flag to turn this default behaviour off. When user authenticate to app1 on serverA and then wants to access app1 on serverB, SPNEGO authentication will be activated and kerberos ticket will be negotiated and will be available on serverB as well.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-15807 (7.2.z) Make restore of SecurityIdentity on replicated session configurable

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Bug - A problem that impairs or prevents the functions of the product. ELY-1503 SPNEGO fails on <distributable/> deployment

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: