Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-476

Allow return of user name without realm part for legacy applications

    XMLWordPrintable

Details

    Description

      We have a legacy application which already uses authentication but cannot handle the realm part of the principal name. To enable single sign on we have made the changes in provided patch which allows to configure the module-option cutOffDomain for SPNEGOLoginModule. If the username ends with the realm name configured in this option the realm name is removed from the user name. This way the application gets the simpler name in the HttpServletRequest. Principals not ending with this realm are left untouched.

      Attachments

        Issue Links

          is duplicated by

          Task - Represents a small unit of work that is not end-user facing. SECURITY-433 Calls to getCallerPrincipal() return session ID

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              kopczynski Matthias Kopczynski (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: