[KNOX-2534] Allow alias to be used in pac4j topology block - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: KnoxSSO
Labels:
None

Description

We currently use Knox to authenticate users with Microsoft via pac4j federation config.

We have an OIDC client secret (oidc.secret) stored in plaintext in the topology file but we'd like to obfuscate and not have the plaintext value in the topology XML.

This is because OAuth strongly recommends to have the "client secret" protected.

The alias service currently only seems to work for LDAP, it would be good if we could use it inside our pac4j block too.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

knoxsso-oidc.xml
29/Jan/21 09:33
2 kB
Michael Boulter

Issue Links

links to

GitHub Pull Request #473

OAuth Standard - Storing and Displaying the Client ID and Secret

Activity

People

Assignee:: Attila Magyar

Reporter:: Michael Boulter

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 28/Jan/21 17:40

Updated:: 11/Oct/21 08:01

Resolved:: 28/Jul/21 07:36

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: