Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11684

Elytron realm-mapper on server-ssl-context is ignored for HTTP based authn

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Blocker Blocker
    • None
    • 7.1.0.ER1
    • Security
    • None

      Elytron realm-mapper and other attributes brought by JBEAP-11177 to server-ssl-context are ignored for HTTP based authentication.

      This issue follows up on JBEAP-11177 Unable to define realm-mapping for TrustManager based auth. The SASL part (which was original subject of the issue) does work with the new attributes, the HTTP part does not. The HTTP part does work with realm-mapper and other attributes in http-authentication-factory, which is against the HTTP part of statement in JBEAP-11177:

      For SASL and HTTP mechanisms it is possible to define realm-mapping as part of *-authentication-factory. But this cannot be used for EXTERNAL/CLIENT_CERT mechanism, because ServerAuthenticationContext is not constructed by mechanism but by SecurityDomainTrustManager - without relation to any *-authentication-factory.

      Blocker priority, like BEAP-11177.

        1. standalone.xml
          34 kB
          Ondrej Kotek

            Unassigned Unassigned
            okotek@redhat.com Ondrej Kotek
            Ondrej Kotek Ondrej Kotek
            Ondrej Kotek Ondrej Kotek
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: