Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-970

Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

    XMLWordPrintable

Details

    • Bug
    • Resolution: Cannot Reproduce
    • Critical
    • 1.1.0.Beta48
    • 1.1.0.Beta25
    • Realms
    • None

    Description

      In case when Ldap Realm is set to use direct verification and referenced DirContext uses referral mode follow, then roles for referral user are searched before actual user password is validated. In this case following flow is used:

      1. searching for username
      2. searching for roles (i.e. searching for attributes)
      3. validating password for username

      It means even if wrong password is used then roles in LDAP are searched. Password should be validated before some roles are searched. Current behavior can result to performance issues.

      This is the same issue as ELY-760 but only for case when direct verification and referral mode follow are used and user from referral tries to authenticate.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8943 Elytron Ldap Realm searches roles before validating password when direct verification and referral mode follow are used

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: