Comments (8)
Scott McCrory said:
Depending upon the vision, I might be able to help address this for Siteminder. See http://forum.springframework.org/viewtopic.php?p=20924&sid=61039a5e2c07493dc47df28f25c9ef57#20924 for a summary and let me know if there’s interest.
from spring-security.
Ben Alex said:
Moved the SiteMinder integration to a new task http://opensource.atlassian.com/projects/spring/browse/SEC-35 which is assigned to Scott.
from spring-security.
Ben Alex said:
Hi Luke – would you please update the status of this? If you could expand on the scope of this task it would be good. It might be overlap with SEC-35 so perhaps it should be closed…?
from spring-security.
Luke Taylor said:
The main thing I was planning on looking at was the integration of X.509 client authentication with apache. This works fine when there is a direct SSL connection to the servlet container – the client certificate can easily be obtained. But I haven’t investigated how well it works with connectors. It’s not really a coding issue though, more just a question of “does it work”, so we can add it to the docs.
It would also be an idea to extend the X.509 provider to obtain the certificate from a request header (assuming the web server has support for setting this up). This would also work using mod_proxy, which is easier to work with. There appear to be some issues at the moment though:
http://issues.apache.org/bugzilla/show_bug.cgi?id=23223
In any case, it wouldn’t hurt to have this functionality in place. It might be better as a separate issue relating to the X.509 provider though.
from spring-security.
Ben Alex said:
Luke, any chance can we get this sorted out for 1.0.0?
from spring-security.
Luke Taylor said:
The apache issue still appears to be open and I haven’t had time to do any more work on this.
from spring-security.
Ben Alex said:
Luke, the cited Apache issue remains open, and given it is now over a year, I am of the view we should close this as “won’t fix”. The task doesn’t appear to have a particular urgency given it’s only applicable to the very specific situation of X509 via an intermediate connector. If someone is trying to do that, they can invest the time to implement it. It’s not a general-purpose or common enough requirement to keep an issue open for when there are more widely-useful enhancements that need addressing as well. Your thoughts?
from spring-security.
Luke Taylor said:
Ok. :)
from spring-security.
Related Issues (20)
- OpenSaml4AuthenticationProvider : Handle response not signed but assertions signed
- Response header ``Vary`` since Spring Security 6.2.0
- Fix typos and formatting in documentation
- Webservice returns invalid response containing Empty Headers (":") HOT 1
- Horizontal Scaling Issue with XorCsrfTokenRequestAttributeHandler
- Use Javadoc macro
- Add XML support for OIDC backchannel logout
- Add repository for returing Asserting Party Metadata
- Add expiry-aware refreshing asserting party repository
- OAuth2AuthorizationCodeGrantFilter erroneously consumes POST request body with multipart/form-data HOT 2
- Improve documentation about `CredentialsContainer`
- Configure Build to Confirm UnboundId 7 Compatibility
- Introduce `UserAuthorities`
- Support doing a Token Exchange of access token from OIDC login HOT 2
- OIDC Backchannel Logout should allow logout tokens having `typ` header of `logout+jwt`
- Cannot get Stateless Authorisation Server to work HOT 2
- Dynamic register SecurityFilterChain HOT 2
- Spring do not support 401 unauthorized responce by default HOT 1
- Documentation for ServletBearerExchangeFilterFunction incomplete or incorrect
- Consider removing generics from `AuthorizationRequestRepository` HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security.