Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1314

Elytron, make scope of SPNEGO authentication configurable

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Blocker
    • 1.1.0.CR5
    • None
    • None
    • None

    Description

      Currently Elytron SPNEGO authnetication is tcp connection scoped, whereas legacy SPNEGO for applications is http-session scoped.

      This different approach can bring these behaviour differences after migration from legacy to Elytron:

      • if deployment is behind reverse proxy it can lead to user "cross talk" (different http session, but same TCP connection) [1]
      • more frequent kerberos negotiation cycles
      • load balancer switches to another node (same http session, but new TCP connection)
      • new tab in browser (same http session, but new TCP connection) [2]

      [1] JBEAP-11882 - (7.1) Using a proxy and spnego on the EAP 7 management console leads to user "cross talk"
      [2] https://superuser.com/questions/1055281/do-web-browsers-use-different-outgoing-ports-for-different-tabs

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-12460 Elytron, make scope of SPNEGO authentication mechanism configurable

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          duplicates

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ELY-1312 Further Scoping and Caching Enhancements to the SpnegoAuthenticationMechanism

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: