Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Won't Do
Priority: Minor
Fix Version/s: None
Affects Version/s: 7.1.0.ER2
Component/s: Documentation, Security
Labels:
- Doc_prio_2

Story Points:
8
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.backlog.GA

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The handing of non-PLUS vs. PLUS Elytron SASL mechanisms has to be documented as there are some caveats in the usage. (Details are discussed on JIRAs ~~JBEAP-11396~~ and its follow up ~~JBEAP-12231~~)

Some of the Elytron SASL mechanisms has variant with channel binding (then their name ends with "-PLUS"). E.g. for the SCRAM-SHA-1 mechanism there exists also SCRAM-SHA-1-PLUS mechanism.

Example scenario of the problematic behavior (in 7.1.0.ER2) :

Server administrator configures support for SCRAM-SHA-1 SASL mechanism in Elytron
Elytron Client (e.g. management client) set supports for SCRAM-SHA-1 too

This configuration works nicely when SSL context is not used for the remoting connection.
This configuration doesn't work, when SSL context is used for the remoting connection

blocks

JBEAP-7694 [DOC RFE] Provide a set of SASL authentication mechanisms

Closed

is related to

JBEAP-11396 Elytron - *-PLUS SASL mechanisms don't work - part of channel binding integration seems to be missing

Closed

JBEAP-12231 Handle properly non-PLUS Elytron SASL mechanisms when SSL context is used (i.e. channel binding is possible)

Closed

Assignee:: Ashwin Mehendale

Reporter:: Josef Cacek (Inactive)

Tester:: Ondrej Lukas (Inactive)

QA Contact:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2017/07/19 2:18 PM

Updated:: 2022/01/26 7:53 PM

Resolved:: 2022/01/26 7:53 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates