Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2004

SPNEGO mechanism handles delegated credential twice.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.13.0.CR2
    • None
    • HTTP
    • None

      From a successful authentication with a delegated credential we can see from the logs the delegated credential is handled twice.

      2020-07-01 20:19:30,820 TRACE [org.wildfly.security.http.spnego] (default task-1) Associating delegated GSSCredential with identity.
2020-07-01 20:19:30,822 TRACE [org.wildfly.security.http.spnego] (default task-1) GSSContext established, authorizing...
2020-07-01 20:19:30,822 TRACE [org.wildfly.security.http.spnego] (default task-1) Credential delegation enabled, delegated credential = [GSSCredential: 
admin@ELYTRON.ORG 1.2.840.113554.1.2.2 Initiate [class sun.security.jgss.krb5.Krb5InitCredential]
admin@ELYTRON.ORG 1.3.6.1.5.5.2 Initiate [class sun.security.jgss.spnego.SpNegoCredElement]]

      The first can be removed as we will always move onto the second if the GSSContext is establihsed.

       

              darran.lofthouse@redhat.com Darran Lofthouse
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: