You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Michael Boulter (Jira)" <ji...@apache.org> on 2021/01/29 09:08:00 UTC
[jira] [Updated] (KNOX-2534) Allow alias to be used in pac4j
topology block
[ https://issues.apache.org/jira/browse/KNOX-2534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Boulter updated KNOX-2534:
----------------------------------
Description:
We currently use Knox to authenticate users with Microsoft via pac4j federation config.
We have an OIDC client secret (oidc.stored) stored in plaintext in the topology file but we'd like to obfuscate and not have the plaintext value in the topology XML.
This is because OAuth strongly recommends to have the "client secret" protected.
The alias service currently only seems to work for LDAP, it would be good if we could use it inside our pac4j block too.
was:
We currently use Knox to authenticate users with Microsoft via pac4j federation config.
We have an OIDC client secret (oidc.stored) stored in plaintext in the topology file but we'd like to obfuscate and not have the plaintext value in the topology XML.
The alias service currently only seems to work for LDAP, it would be good if we could use it inside our pac4j block too.
> Allow alias to be used in pac4j topology block
> ----------------------------------------------
>
> Key: KNOX-2534
> URL: https://issues.apache.org/jira/browse/KNOX-2534
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO
> Reporter: Michael Boulter
> Priority: Minor
>
> We currently use Knox to authenticate users with Microsoft via pac4j federation config.
> We have an OIDC client secret (oidc.stored) stored in plaintext in the topology file but we'd like to obfuscate and not have the plaintext value in the topology XML.
>
> This is because OAuth strongly recommends to have the "client secret" protected.
>
> The alias service currently only seems to work for LDAP, it would be good if we could use it inside our pac4j block too.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)