[SECURITY-772] SPNEGOLoginModule does not always respect removeRealmFromPrincipal - Red Hat Issue Tracker

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Minor
Resolution: Done
Affects Version/s: Negotiation_2_2_6
Fix Version/s: Negotiation_2_2_7
Component/s: Negotiation
Labels:
None

Estimated Difficulty:
Low
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1039989, https://bugzilla.redhat.com/show_bug.cgi?id=1039955, https://bugzilla.redhat.com/show_bug.cgi?id=1040008
Bugzilla Update:

Perform

Description

org.jboss.security.negotiation.spnego.SPNEGOLoginModule

private class AcceptSecContext:

if (gssContext.isEstablished())
{
log.warn("Authentication was performed despite already being authenticated!");

// TODO - Refactor to only do this once.
setIdentity(new KerberosPrincipal(gssContext.getSrcName().toString()));

The last line should obey the "removeRealmFromPrincipal" flag similarly as a bit further down:

setIdentity(createIdentity(gssContext.getSrcName().toString()));

Gliffy Diagrams

Attachments

Activity

People

Assignee:

Tom Fonteyne

Reporter:

Tom Fonteyne

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

10/Dec/13 6:37 AM

Updated:

30/Jan/15 5:00 AM

Resolved:

10/Dec/13 8:29 AM