Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR11
Affects Version/s: 7.1.0.DR8
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA

SFDC Cases Counter:
SFDC Cases Links:

In Ldap Realm roles are searched before actual user password is validated. Ldap Realm uses following flow:

searching for username
searching for roles (i.e. searching for attributes)
validating password for username

It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues.

is cloned by

ELY-760 Elytron Ldap Realm searches roles before validating password

Resolved

Assignee:: Jan Kalina (Inactive)

Reporter:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2016/11/16 4:04 AM

Updated:: 2017/02/02 3:54 AM

Resolved:: 2017/01/24 11:56 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates