Bug
Resolution: Done
Critical
7.1.0.DR19
None
Token #MUTUAL should work as follows:
#MUTUAL - matches all mechanisms which authenticate the server in some way (this might just mean, making the server prove that the server knows the password); currently matches #FAMILY(SCRAM) and #FAMILY(GS2) but may be adjusted in the future as new mechanisms are available. [1]
However, it also incorrectly requires an SSL context to be used; see SaslMechanismPredicate.MUTUAL [2]:

    boolean test(final String mechName, final SSLSession sslSession) {
        return sslSession != null && SaslMechanismInformation.MUTUAL.test(mechName);
    }

SSL context should not be required for #FAMILY(SCRAM) or #FAMILY(GS2).
[1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13408238
[2] https://github.com/wildfly-security/wildfly-elytron/blob/03e583dd476dbbdf05e3c852d34e191f181038aa/src/main/java/org/wildfly/security/sasl/SaslMechanismPredicate.java#L185
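
Added example, not code from this report or from WildFly Elytron: a self-contained model of the predicate that shows which mechanisms a `#MUTUAL` selector keeps with and without a TLS session. `isMutualFamily`, `select`, the two predicate constants and the offered mechanism list are hypothetical stand-ins; the real family matching is done by `SaslMechanismInformation.MUTUAL`.

```java
import java.util.Arrays;
import java.util.List;
import java.util.function.BiPredicate;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;

public class MutualTokenDemo {
    // Hypothetical stand-in for SaslMechanismInformation.MUTUAL.test(mechName):
    // matches the SCRAM and GS2 families by their registered name prefixes.
    static boolean isMutualFamily(String mechName) {
        return mechName.startsWith("SCRAM-") || mechName.startsWith("GS2-");
    }

    // Behaviour described in the report: the token only matches when a TLS session exists.
    static final BiPredicate<String, SSLSession> MUTUAL_REPORTED =
            (mech, ssl) -> ssl != null && isMutualFamily(mech);

    // Behaviour the report asks for: the mechanism family alone decides.
    static final BiPredicate<String, SSLSession> MUTUAL_EXPECTED =
            (mech, ssl) -> isMutualFamily(mech);

    // Applies a selector predicate to the mechanisms a server offers.
    static List<String> select(BiPredicate<String, SSLSession> token,
                               List<String> offered, SSLSession ssl) {
        return offered.stream()
                .filter(mech -> token.test(mech, ssl))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: mechanisms offered by a server.
        List<String> offered = Arrays.asList(
                "PLAIN", "DIGEST-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256", "GS2-KRB5");

        // A non-null session object is enough to exercise the null check;
        // no handshake or network access takes place.
        SSLSession tls = SSLContext.getDefault().createSSLEngine().getSession();

        System.out.println("reported, no TLS : " + select(MUTUAL_REPORTED, offered, null));
        System.out.println("reported, TLS    : " + select(MUTUAL_REPORTED, offered, tls));
        System.out.println("expected, no TLS : " + select(MUTUAL_EXPECTED, offered, null));
        System.out.println("expected, TLS    : " + select(MUTUAL_EXPECTED, offered, tls));
    }
}
```

With the reported predicate and no TLS session the selection is empty, so a configuration that uses `#MUTUAL` on a cleartext connection is left with no usable mechanism even though SCRAM and GS2 are offered.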
is cloned by
ELY-1218 Elytron sasl-mechanism-selector token #MUTUAL incorrectly requires SSL context (Resolved)
is incorporated by
JBEAP-11305 Upgrade WildFly Elytron to 1.1.0.Beta51 (Closed)