Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1662

[GSS][7.2.2] HTTP External Security Not Supported by Elytron

    Details

    • Type: Feature Request
    • Status: Pull Request Sent (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.1.4.Final
    • Component/s: Security
    • Labels:
      None

      Description

      For legacy security, there's an EXTERNAL HTTP authentication mechanism (io.undertow.security.impl.ExternalAuthenticationMechanism) which performs no verification and simply uses the principal that was passed from the REMOTE_USER attribute by the AJP protocol. There is a "ClientLoginModule" in legacy security used as such: https://access.redhat.com/solutions/3465231. It is a requirement to add an equivalent of this EXTERNAL mechanism available in legacy and Elytron-SASL for Elytron-HTTP in order to migrate away from legacy security.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                aabdelsa Ashley Abdel-Sayed
                Reporter:
                aabdelsa Ashley Abdel-Sayed
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: