The authentication part is already switchable; you can have a custom login
module which will just return true without doing any real authentication.
However, that's kind of a security breach if you put it by default.  So you
need to make sure that is only done in a custom JAAS configuration which is
not used by the container itself for security.


On Mon, Mar 4, 2013 at 12:25 PM, Christian Schneider <
ch...@die-schneider.net> wrote:

> On 04.03.2013 12:11, Guillaume Nodet wrote:
>
>> Shouldn't STS delegate certificate authentication to the underlying JAAS
>> system ?
>>
> I also thought about this but at the moment STS uses policies to define
> the auth method. So ws-security automatically kicks in. Of course we could
> use a custom
> validator that delegates to JAAS. In this case we would have to define a
> way to forward all credentials to JAAS (like Certificate and Signature).
>
> Independent of this possibility what do you think about making the
> authentication part switchable? I think this could help for other cases too
> where e.g. you want to authenticate using ldap but have roles in a db or
> similar.
>
>
> Christian
>
> --
> Christian Schneider
> http://www.liquid-reality.de
>
> Open Source Architect
> http://www.talend.com
>
>


-- 
------------------------
Guillaume Nodet
------------------------
Red Hat, Open Source Integration

Email: gno...@redhat.com
Web: http://fusesource.com
Blog: http://gnodet.blogspot.com/
