Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-255

IdentityLoginModule Incomplete password-stacking useFirstPass implementation

    XMLWordPrintable

    Details

    • Estimated Difficulty:
      Low

      Description

      The IdentityLoginModule has got an incomplete useFirstPass implementation.

      The login() method does start with: -

      if( super.login() == true )
      return true;

      To skip login if useFirstPass is set and authentication has already occurred.

      However at the end of login() setting the principal in the shared state map should only happen if useFirstPass was set.

      Also for this to work a credential also needs to be stored in the sharedStateMap otherwise other modules will assume authentication has not occurred.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            dlofthouse Darran Lofthouse
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated: