Keith Wall created QPID-7242:
--------------------------------
Summary: Make existing authentication/group providers produce
realm qualified principals
Key: QPID-7242
URL: https://issues.apache.org/jira/browse/QPID-7242
Project: Qpid
Issue Type: Improvement
Components: Java Broker
Reporter: Keith Wall
Fix For: qpid-java-6.1
Change all existing authentication and group providers to produce realm
qualified principals.
Each authentication and group provider will have a {{realm}} attribute.
Validation ({{#onValidate}}) must ensure that the realm name used by each
provider is unique.
For some providers, the realm name may be defaultable: authentication/group
backends can default to the domain name (the host portion of a URI) of the
authentication/group server, e.g. directory.example.com in the case of a
Directory (LDAP). For non-server-backed providers, a realm can be constructed
using the "other" realm style suggested by RFC-4120 (e.g.
{{qpid:SCRAM-SHA256/myscramprovider}}). For some providers, such as Kerberos,
the realm must be supplied by the user.
The Principals produced by the authentication and group providers must carry
the realm. The serialised form of the Principal will be a string of the form
{{uriEscape(name) + '@' + domain}}. Principal equality must include the realm
too.
For this change, ConfiguredObject#createdBy/lastUpdatedBy remain Strings (for
now).
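
A sketch of the serialisation and equality rules described above, as an added example that is not Qpid code and not part of the original issue. The class name RealmQualifiedPrincipal, its methods and the sample users are hypothetical, java.net.URLEncoder stands in for the unspecified uriEscape, and Java 10 or later is assumed.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Objects;

// Hypothetical illustration of a realm-qualified principal; not the broker's class.
public final class RealmQualifiedPrincipal implements Principal {
    private final String name;
    private final String realm;

    public RealmQualifiedPrincipal(String name, String realm) {
        this.name = Objects.requireNonNull(name, "name");
        this.realm = Objects.requireNonNull(realm, "realm");
    }

    @Override public String getName() { return name; }
    public String getRealm() { return realm; }

    // uriEscape(name) + '@' + realm. Escaping turns any '@' in the name into %40,
    // so the first '@' in the serialised form is always the realm separator.
    public String serialise() {
        return URLEncoder.encode(name, StandardCharsets.UTF_8) + '@' + realm;
    }

    public static RealmQualifiedPrincipal parse(String serialised) {
        int at = serialised.indexOf('@');
        if (at < 0) throw new IllegalArgumentException("missing realm: " + serialised);
        String rawName = URLDecoder.decode(serialised.substring(0, at), StandardCharsets.UTF_8);
        return new RealmQualifiedPrincipal(rawName, serialised.substring(at + 1));
    }

    // Equality covers the realm: the same user name from two providers is two principals.
    @Override public boolean equals(Object o) {
        if (!(o instanceof RealmQualifiedPrincipal)) return false;
        RealmQualifiedPrincipal p = (RealmQualifiedPrincipal) o;
        return name.equals(p.name) && realm.equals(p.realm);
    }
    @Override public int hashCode() { return Objects.hash(name, realm); }
    @Override public String toString() { return serialise(); }

    public static void main(String[] args) {
        String scramRealm = "qpid:SCRAM-SHA256/myscramprovider";
        // Constructed sample users.
        var ldapAlice = new RealmQualifiedPrincipal("alice", "directory.example.com");
        var scramAlice = new RealmQualifiedPrincipal("alice", scramRealm);
        // A SCRAM user whose name imitates another realm's serialised principal.
        var lookalike = new RealmQualifiedPrincipal("alice@directory.example.com", scramRealm);

        if (ldapAlice.equals(scramAlice)) throw new AssertionError("realm ignored in equals");
        if (lookalike.serialise().equals(ldapAlice.serialise())) throw new AssertionError("ambiguous form");
        if (!parse(lookalike.serialise()).equals(lookalike)) throw new AssertionError("round trip failed");
        System.out.println(ldapAlice + "  " + scramAlice + "  " + lookalike);
    }
}
```

Without the escaping step, the third sample user would serialise to a string beginning with the directory user's full principal, which is why the name is escaped before the realm is appended.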