Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
proton-c-0.31.0
-
None
Description
The Qpid Dispatch router is capable of delegating SASL authentication to an external auth service.
We need a way
(1) for a server to get the authzid for a sasl external request - The "server" in this case the router, needs a way to obtain the authzid if the client has specified one during the SASL exchange
(2) for a client to specify the authzid to send with an external request - the "client" in this case the router acts as a client to the auth service and it needs a way to specify/send the authzid to the auth service as part of the SASL exchange.
https://tools.ietf.org/html/rfc4422#page-29 (section A.2)
Attachments
Issue Links
- blocks
-
DISPATCH-1634 Expose client X509 certificate identity (TLS client auth) to the auth service delegate
- Open