Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-12656

Elytron, make scope of SPNEGO authentication mechanism configurable

    XMLWordPrintable

Details

    Description

      Currently Elytron SPNEGO authnetication is tcp connection scoped, whereas legacy SPNEGO for applications is http-session scoped.

      This different approach can bring these behaviour differences after migration from legacy to Elytron:

      • if deployment is behind reverse proxy it can lead to user "cross talk" (different http session, but same TCP connection) [1]
      • more frequent kerberos negotiation cycles
        • load balancer switches to another node (same http session, but new TCP connection)
        • new tab in browser (same http session, but new TCP connection) [2]

      [1] JBEAP-11882 - (7.1) Using a proxy and spnego on the EAP 7 management console leads to user "cross talk"
      [2] https://superuser.com/questions/1055281/do-web-browsers-use-different-outgoing-ports-for-different-tabs

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-12460 Elytron, make scope of SPNEGO authentication mechanism configurable

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          is related to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) JBEAP-14244 Add additional information regarding session states

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-chuffman Christian Huffman
              darran.lofthouse@redhat.com Darran Lofthouse
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: