Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-374

Ambiguous application of CredentialCallback

    XMLWordPrintable

Details

    • Low

    Description

      We have a problem where there is an ambiguous application of CredentialCallback.

      On the client, this callback is used to acquire the credential to use for outbound authentication. On the server, it is used in two ways:

      • For most authentication, it is used to acquire the credential that is used to verify the client identity.
      • For Entity authentication, it is used to acquire the credential that is used to identify the server to the client.

      The reason Entity can get away with this special behavior is that it uses the VerifyPeerTrustedCallback instead of CredentialCallbak for checking the peer. Unfortunately, it is not easy for a callback handler to know when CredentialCallback is being used for the host identity versus the authenticating user identity. This needs to be solved ASAP so that we can have server mechanisms that present a host identity as well as acquiring a credential for user authentication.

      Attachments

        Activity

          People

            Unassigned Unassigned
            dlloyd@redhat.com David Lloyd
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: