Details
-
Feature Request
-
Resolution: Done
-
Major
-
None
-
None
Description
At the lowest level a users identity is associated with a single SecurityRealm, two accounts that authenticated against different realms will never be considered equal.
However on top of this we have the security domains, a security domain amongst other things is an aggregation of realms. Incoming server connections and also applications can be associated with a security domain. However we still have the following two scenarios of a call to complete the consideration for: -
Connection -> Deployment
Deployment -> Deployment
In the first case the connection may be associated with a security domain with a large set of realms, however the deployment may be associated with a smaller set of realms. In the case that the realm is in both of these domains we need the identity to be able to automatically propagate.
Same for deployment to deployment calls, if there is a common realm the identity should propagate.
Attachments
Issue Links
- relates to
-
ELY-503 Add a PeerIdentitiesAssignedState to the ServerAuthenticationContext state machine
- Resolved