On Mon, Dec 31, 2018 at 11:59 AM Nick Couchman <[email protected]> wrote:
>
>> Pretty good, I'd say. I'll type up draft release notes, etc.
>>
>> - Mike
>>
>
> Mike,
> Any progress on the release notes? I started working on some myself, if
> you haven't started on them I can finish up a cut and send those over?
>
> Also, I have this one outstanding issue with the RADIUS module and
> challenge authentication that I'm still tracking down. I don't think it
> needs to block the 1.0.0 release - it could be classified as a "known
> issue" - but I think I've figured out what's going on. As a reminder, the
> situation occurs when the RADIUS module is stacked with other modules (e.g.
> JDBC), when those other modules authenticate before the RADIUS module, and
> when the RADIUS module requests additional credentials. When this happens,
> instead of the web app requesting the additional credentials, it just fails
> the authentication.
>
> Based on the debugging I've done, it does not look like the issue is in
> the RADIUS module itself - it looks like maybe the errors thrown by the
> individual modules get stacked or queued, and the first one in the queue is
> the one that the REST API pushes to the web app. So, it goes something
> like this:
> - User attempts to log in with RADIUS credentials
> - JDBC module fails the authentication, throwing an Invalid Credentials
> Exception.
> - Control is passed to the RADIUS module.
> - RADIUS module needs additional credentials, throwing an Insufficient
> Credentials Exception with the additional required credentials.
> - REST API sends Invalid Credentials to the web app, and authentication
> fails completely.
>
> I've done some debugging and added some logging to confirm that the RADIUS
> module is behaving as expected, but that the 403 returned by the api/tokens
> endpoint in the above scenario only contains the Invalid Credentials
> Exception and not the Insufficient Credentials Exception.
>
> -Nick
>

Figured out what was going on, here, and opened a new JIRA issue (against the 1.0.0 release) and a pull request that should take care of this issue.

-Nick
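
A simplified model of the failure ordering described in the thread above, added here as an example; it is not Guacamole's code or the fix in the pull request. Every class, method and field name is hypothetical, and the two modules are stand-ins that always fail the way the thread describes.

```java
import java.util.List;
// Simplified model; every name below is hypothetical, not a Guacamole class.
public class StackedAuthDemo {
    static class AuthFailure extends Exception {
        AuthFailure(String msg) { super(msg); }
    }
    static class InvalidCredentials extends AuthFailure {
        InvalidCredentials(String msg) { super(msg); }
    }
    // Carries the extra fields the login form should prompt for.
    static class InsufficientCredentials extends AuthFailure {
        final List<String> expected;
        InsufficientCredentials(String msg, List<String> expected) {
            super(msg); this.expected = expected;
        }
    }
    interface Module {
        String authenticate(String user, String password) throws AuthFailure;
    }
    // Tries each module in order. With preferChallenge=false the first failure is
    // reported (the behaviour in the thread); with true, a request for more
    // credentials outranks a plain rejection from an earlier module.
    static String login(List<Module> stack, String user, String password,
                        boolean preferChallenge) throws AuthFailure {
        AuthFailure chosen = null;
        for (Module m : stack) {
            try {
                return m.authenticate(user, password);
            } catch (AuthFailure e) {
                boolean upgrade = preferChallenge
                        && e instanceof InsufficientCredentials
                        && !(chosen instanceof InsufficientCredentials);
                if (chosen == null || upgrade) chosen = e;
            }
        }
        throw chosen != null ? chosen : new AuthFailure("no modules configured");
    }
    public static void main(String[] args) {
        // Constructed stand-ins for the JDBC and RADIUS modules in the thread.
        Module jdbc = (u, p) -> { throw new InvalidCredentials("jdbc: no such user"); };
        Module radius = (u, p) -> { throw new InsufficientCredentials("radius: challenge", List.of("code")); };
        for (boolean prefer : new boolean[] { false, true }) {
            try {
                login(List.of(jdbc, radius), "alice", "constructed-password", prefer);
            } catch (AuthFailure e) {
                System.out.println("preferChallenge=" + prefer + " -> " + e.getClass().getSimpleName());
            }
        }
    }
}
```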
