Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2004

SPNEGO mechanism handles delegated credential twice.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 1.13.0.CR2
    • None
    • HTTP
    • None

    Description

      From a successful authentication with a delegated credential we can see from the logs the delegated credential is handled twice.

      2020-07-01 20:19:30,820 TRACE [org.wildfly.security.http.spnego] (default task-1) Associating delegated GSSCredential with identity.
2020-07-01 20:19:30,822 TRACE [org.wildfly.security.http.spnego] (default task-1) GSSContext established, authorizing...
2020-07-01 20:19:30,822 TRACE [org.wildfly.security.http.spnego] (default task-1) Credential delegation enabled, delegated credential = [GSSCredential: 
admin@ELYTRON.ORG 1.2.840.113554.1.2.2 Initiate [class sun.security.jgss.krb5.Krb5InitCredential]
admin@ELYTRON.ORG 1.3.6.1.5.5.2 Initiate [class sun.security.jgss.spnego.SpNegoCredElement]]

      The first can be removed as we will always move onto the second if the GSSContext is establihsed.

       

      Attachments

        Activity

          People

            darran.lofthouse@redhat.com Darran Lofthouse
            darran.lofthouse@redhat.com Darran Lofthouse
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: