Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2016/05/02 13:26:12 UTC

[jira] [Created] (QPID-7242) Make existing authentication/group providers produce realm qualified principals

Keith Wall created QPID-7242:
--------------------------------

             Summary: Make existing authentication/group providers produce realm qualified principals 
                 Key: QPID-7242
                 URL: https://issues.apache.org/jira/browse/QPID-7242
             Project: Qpid
          Issue Type: Improvement
          Components: Java Broker
            Reporter: Keith Wall
             Fix For: qpid-java-6.1


Change all existing authentication and group providers to produce realm qualified principals.

Each authentication and group provider will have a {{realm}} attribute.  Validation ({{#onValidate}}) must ensure that the realm name used by each provider is unique.

For some providers, the realm name may be default-able: authentication/group backends can default to the domain name (the host portion of a URI) of the authentication/group server, e.g. directory.example.com in the case of a Directory (LDAP).  For non-server backed providers, a realm can be constructed using the other realm suggested by RFC-4120 (e.g. {{qpid:SCRAM-SHA256/myscramprovider}}).  For some providers, such as Kerberos, the realm must be supplied by the user.

The Principals produced by the authentication and group providers must carry the realm.  The serialised form of the Principal will be a string of the form {{uriEscape(name) + '@' + domain}}.  Principal equality must include the realm too.

For this change, ConfiguredObject#createdBy/lastUpdatedBy remain Strings (for now).

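The serialised form and realm-aware equality described in the issue, as an added example that is not part of the original message or of the Qpid code base. The class name, the `parse` helper and the use of `URLEncoder` as a stand-in for `uriEscape` are assumptions; the sample names and realms are constructed.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Objects;
// Hypothetical class for illustration; not part of the Qpid code base.
public final class RealmQualifiedPrincipal implements Principal {
    private final String name;   // unescaped user or group name
    private final String realm;  // e.g. directory.example.com
    public RealmQualifiedPrincipal(String name, String realm) {
        this.name = Objects.requireNonNull(name);
        this.realm = Objects.requireNonNull(realm);
        // A raw '@' in the realm would make the serialised form ambiguous.
        if (realm.isEmpty() || realm.indexOf('@') >= 0) {
            throw new IllegalArgumentException("invalid realm: " + realm);
        }
    }

    @Override public String getName() { return name; }
    // Serialised form: uriEscape(name) + '@' + realm. URLEncoder stands in for
    // uriEscape (assumption); it turns any '@' inside the name into %40.
    public String serialise() {
        return URLEncoder.encode(name, StandardCharsets.UTF_8) + '@' + realm;
    }

    public static RealmQualifiedPrincipal parse(String s) {
        int at = s.indexOf('@');  // an escaped name contains no raw '@'
        if (at < 0) throw new IllegalArgumentException("no realm in: " + s);
        return new RealmQualifiedPrincipal(
            URLDecoder.decode(s.substring(0, at), StandardCharsets.UTF_8), s.substring(at + 1));
    }

    // Equality covers both fields, so the same name from two providers differs.
    @Override public boolean equals(Object o) {
        return o instanceof RealmQualifiedPrincipal
            && name.equals(((RealmQualifiedPrincipal) o).name)
            && realm.equals(((RealmQualifiedPrincipal) o).realm);
    }
    @Override public int hashCode() { return Objects.hash(name, realm); }

    public static void main(String[] args) {
        // Constructed sample values.
        RealmQualifiedPrincipal ldap = new RealmQualifiedPrincipal("alice", "directory.example.com");
        RealmQualifiedPrincipal scram = new RealmQualifiedPrincipal("alice", "qpid:SCRAM-SHA256/myscramprovider");
        RealmQualifiedPrincipal odd = new RealmQualifiedPrincipal("alice@directory.example.com", "qpid:SCRAM-SHA256/myscramprovider");
        System.out.println(ldap.equals(scram));                  // same name, different realm
        System.out.println(odd.serialise());                     // '@' in the name is escaped
        System.out.println(parse(odd.serialise()).equals(odd));  // round trip keeps the realm
    }
}
```

The third sample shows why the name is escaped before the `@` separator is appended: a user name chosen to look like `name@realm` in one provider cannot serialise to the same string as a principal from another realm.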