Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.CR1
Affects Version/s: 7.1.0.ER3
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/949

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Using GS2-KRB5-PLUS mechanism should be forced when channel binding is possible (server-ssl-context is used) and GS2-KRB5 should not be allowed in such case.

Currently the GS2-KRB5 authentication passes even if the SSL server context is used (channel binding possible).

This is a follow up to ~~JBEAP-11396~~ and ~~JBEAP-12231~~ which were aimed on SCRAM PLUS mechanisms. Most of the related discussion takes place on ~~JBEAP-11396~~.

is cloned by

ELY-1330 Elytron GS2-KRB5 SASL mechanism (non-PLUS) is allowed even if the channel binding is possible

Resolved

is incorporated by

JBEAP-12750 Upgrade WildFly Elytron to 1.1.0.CR6

Closed

relates to

JBEAP-11396 Elytron - *-PLUS SASL mechanisms don't work - part of channel binding integration seems to be missing

Closed

JBEAP-12231 Handle properly non-PLUS Elytron SASL mechanisms when SSL context is used (i.e. channel binding is possible)

Closed

Assignee:: Farah Juma

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017/08/10 9:23 AM

Updated:: 2024/09/02 3:20 PM

Resolved:: 2017/08/17 4:29 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates