Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 3.0.0.Beta18
Affects Version/s: None
Component/s: Management
Labels:
None

Steps to Reproduce:

Hide

Reproducible with OpenLDAP. See https://github.com/ppalaga/WFCORE-2647 for a detailed step-by-step instructions.

Show
Reproducible with OpenLDAP. See https://github.com/ppalaga/WFCORE-2647 for a detailed step-by-step instructions.
Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1327758

Description

This is the component issue for https://issues.jboss.org/browse/JBEAP-4439 and https://bugzilla.redhat.com/show_bug.cgi?id=1327758

The present code in LdapConnectionManagerService was designed so that the client cert is sent to authenticate the search account but during the username / password verification step, the client cert is not sent.

The present objective is to add an option (that will default to the old behavior) to send the client password also during the username / password verification.

This includes (citing dlofthouse):

Implement management model based configuration and an implementation for the current version
Port back to older versions using a system property.
Forward port the system property to the current version for compatibility.

Attachments

Issue Links

blocks

JBEAP-4439 [GSS](7.0.z) mutual authentication with SSL fails to work with the LDAP security-realm

Closed

WFLY-8631 Integration test for WFCORE-2647 Add an option to always send the client SSL certificate to LDAP server

Closed

Activity

People

Assignee:: Peter Palaga

Reporter:: Peter Palaga

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017/04/10 6:25 AM

Updated:: 2021/10/24 5:58 AM

Resolved:: 2017/04/28 5:16 PM