[OAK-3899] Extend TokenLoginModule to respect shared key javax.security.auth.login.name - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 1.3.14
Fix Version/s: None
Component/s: core
Labels:
None

Description

The TokenLoginModule and specifically TokenProviderImpl only look at SimpleCredentials.getUserID() when creating a token.

However, in certain situations, such as with the ExternalLoginModule and non-username/password credentials, the SimpleCredentials are used but don't have a user id as the real user id is determined not by the caller of Repository.login(), but by the external identity provider inside the ExternalLoginModule (and the credentials might not include any kind of user id, say an opaque token from an external service). In this case, SimpleCredentials.getUserID() returns null and the token implementation fails to create a token and does not return it in the .token attribute of the credentials.

Instead, the TokenLoginModule should look at the shared javax.security.auth.login.name attribute, which can de-facto override a SimpleCredentials.getUserID(), as it happens in the ExternalLoginModule.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OAK-3899.patch
20/Jan/16 22:53
10 kB
Alexander Klimetschek

Issue Links

is related to

OAK-3876 ExternalLoginModule ignores authorizable ID returned from IDP

Resolved

is superceded by

OAK-4129 Use CredentialsSupport in TokenConfigurationImpl and TokenProviderImpl

Closed

OAK-6345 Allow TokenLoginModule framework to create token for other LoginModules if userid is not known in login()

Resolved

Activity

People

Assignee:: Angela Schreiber

Reporter:: Alexander Klimetschek

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Jan/16 00:42

Updated:: 14/Jun/17 02:13

Resolved:: 16/Mar/16 17:59