1 Reply Latest reply on Jul 7, 2008 1:21 PM by anil.saldhana

    JBoss Negotiation - SPNEGO

    dlofthouse

      I just wanted to start a discussion to see if there are any priorities for the tasks to work on for the Beta2 release of the JBoss Negotiation library.

      I have just added a new LDAP login module based on the existing LdapExtLogin module to add support to use GSSAPI for 'java.naming.security.authentication' and better support for running the searches without actually performing the authentication.

      I will be documenting this new module later today and will be ready to pick up the next tasks. Currently I have the following issues to choose from:

      http://jira.jboss.com/jira/secure/IssueNavigator.jspa?reset=true&mode=hide&pid=12310271&sorter/order=DESC&sorter/field=priority&resolution=-1&component=12311360

      I have been considering adding support for Microsoft PAC (http://jira.jboss.com/jira/browse/SECURITY-155) to obtain the roles from the messages exchanged; however, this would still require some mechanism to obtain the actual roles from Active Directory, as the message just contains an identifier.

      Alternatively, the following tasks may be more appropriate: to use an authentication cache which is aware of the expiration of the exchanged tickets, and possibly even a distributed cache to remove the need for re-authentication on failover.

      http://jira.jboss.com/jira/browse/SECURITY-137
      http://jira.jboss.com/jira/browse/SECURITY-127

      For the Beta2 release I think it may also be a priority to get FreeIPA documented as an alternative to Active Directory.