You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-dev@jackrabbit.apache.org by Alexander Klimetschek <ak...@adobe.com> on 2016/01/20 23:55:34 UTC

TokenLoginModule ignores shared key javax.security.auth.login.name

Hi,

I came across an issue with the Token mechanism that ties it too much to SimpleCredentials (aka username/password) for the initial create-token login. In case of different credentials and the ExternalLoginModule + external identity provider this currently makes it impossible to use in one go, since it does not take a different user id into account that can be present in the standard shared key "javax.security.auth.login.name".

Details & patch including unit test at https://issues.apache.org/jira/browse/OAK-3899

Cheers,
Alex