Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-12934

Authorization identity forwarding not exposed to configuration

    XMLWordPrintable

Details

    • +

    Description

      As part of EAP7-284, Elytron was designed for and contains implementation to support trusted use of identities between peers in addition to credential forwarding. Cases in which one would prefer this approach include:

      • Scenarios where the user has requirements to not send passwords over the wire. Notably credential forwarding requires TLS and/or secure networks
      • Setups where an authentication type that does not support credential forwarding are used (credential forwarding is limited to Plain, Form, and OAuth, all other mechanisms, including the out of the box Digest auth of EAP are not)
      • Environments where its desired to limit which systems are allowed to receive requests which are propagated

      Due to an oversight this capability was not properly wired to the server configuration (nor a config method on the Elytron API).

      Attachments

        Issue Links

          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-3267 Authorization identity forwarding not exposed to configuration

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ELY-1077 Allow AuthenticationConfiguration identity forwarding to populate authorization-id instead of authentication name

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-12930 Upgrade WildFly Elytron to 1.1.2.Final

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          relates to

          Requirement - Used for conducting internal reviews of our products and process with 3rd party auditors JBEAP-7220 [DOC RFE] Client / Server Security Context Propagation for Remoting and Running As a given user

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          links to

          Web Link KCS

          Activity

            People

              jgreene@redhat.com Jason Greene
              jgreene@redhat.com Jason Greene
              Ondrej Lukas Ondrej Lukas (Inactive)
              Ondrej Lukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: