You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Freeman Fang (JIRA)" <ji...@apache.org> on 2013/06/21 02:21:22 UTC
[jira] [Resolved] (KARAF-2364)
org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement
Group, not Principal
[ https://issues.apache.org/jira/browse/KARAF-2364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Freeman Fang resolved KARAF-2364.
---------------------------------
Resolution: Not A Problem
> org.apache.karaf.jaas.boot.principal.RolePrincipal class should implement Group, not Principal
> ----------------------------------------------------------------------------------------------
>
> Key: KARAF-2364
> URL: https://issues.apache.org/jira/browse/KARAF-2364
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 2.3.1
> Reporter: Scott Tustison
> Assignee: Freeman Fang
>
> When using the Karaf JAAS LDAPLoginModule in combination with Apache CXF (or a similar product), there is no way to determine whether the Principal obtained from the Subject corresponds to a user or a role(group). CXF (org.apache.cxf.interceptor.security.DefaultSecurityContext.findPrincipal()) will attempt to pull out a Principal which is not a java.security.acl.Group. However, since the JAAS login module does not make use of the java.security.acl.Group interface for its RolePrincipal, there is no way to determine the correct Principal to use. This can end up with Apache CXF generating a SAML assertion for a group that belongs to a user instead of the user itself, which is obviously invalid.
> If RolePrincipal implemented Group instead of Principal it would fix this issue.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira