Description
When an Elytron dir-context uses an authentication-context and obtains an authentication configuration from it, the dir-context ignores the protocol, host and port options obtained from that authentication configuration. The original dir-context.url is used without any change.
This means an authentication client like the following cannot be used with a dir-context:
<authentication-client>
    <authentication-configuration name="unsecureConfig" authentication-name="uid=admin,ou=system">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-configuration name="secureConfig" authentication-name="uid=admin,ou=system" protocol="ldaps" port="10636">
        <credential-reference clear-text="secret"/>
    </authentication-configuration>
    <authentication-context name="authCtx">
        <match-rule match-purpose="secure" authentication-configuration="secureConfig"/>
        <match-rule authentication-configuration="unsecureConfig"/>
    </authentication-context>
</authentication-client>
...
<dir-contexts>
    <dir-context name="dir-context" url="ldap://127.0.0.1:10389" authentication-context="authCtx"/>
</dir-contexts>
We request blocker since the dir-context is not able to use features which are provided by the authentication-context, which means a lack of features for dir-context and can be confusing for users.
Issue Links
- is cloned by ELY-1208 Elytron dir-context ignores protocol, host and port options from Authentication Configuration (Closed)