> > > Pretty good, I'd say. I'll type up draft release notes, etc. > > - Mike >
Mike, Any progress on the release notes? I started working on some myself, if you haven't started on them I can finish up a cut and send those over? Also, I have this one outstanding issue with the RADIUS module and challenge authentication that I'm still tracking down. I don't think it needs to block the 1.0.0 release - it could be classified as a "known issue" - but I think I've figured out what's going on. As a reminder, the situation occurs when the RADIUS module is stacked with other modules (e.g. JDBC), when those other modules authenticate before the RADIUS module, and when the RADIUS module requests additional credentials. When this happens, instead of the web app requesting the additional credentials, it just fails the authentication. Based on the debugging I've done, it does not look like the issue is in the RADIUS module itself - it looks like maybe the errors thrown by the individual modules get stacked or queued, and the first one in the queue is the one that the REST API pushes to the web app. So, it goes something like this: - User attempts to log in with RADIUS credentials - JDBC module fails the authentication, throwing an Invalid Credentials Exception. - Control is passed to the RADIUS module. - RADIUS module needs additional credentials, throwing an Insufficient Credentials Exception with the additional required credentials. - REST API sends Invalid Credentials to the web app, and authentication fails completely. I've done some debugging and added some logging to confirm that the RADIUS module is behaving as expected, but that the 403 returned by the api/tokens endpoint in the above scenario only contains the Invalid Credentials Exception and not the Insufficient Credentials Exception. -Nick
