Community
Participate
Working Groups
When JNDIContext.open is called and an AuthNSelfIssuedMaterials is passed, the provider authenticates to the underlying JNDI SP using whatever Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS were set in the context's configuration. Using this identity, it searches for a subject matching the data found in the AuthNSelfIssuedMaterials. This works in terms of authentication, but the underlying JNDI context is left open using the original principal and credentials. This causes a scenario where anyone authenticating with AuthNSelfIssuedMaterials gets the authZ privileges of another identity. This could cause more or less data to be returned than is allowed from subsequent access operations.
Looking at using LDAP proxy authorization. This has the following caveats: 1. Not all directory servers support proxy authZ. 2. The directory service must be modified to allow the authenticated user to proxy for the specified user.
moving unfinished items from M4 to M5 candidate list
moving all unfinished tasks from M5 to M6 as candidate tasks.
temporarily moving these Higgins 1.1 candidate items out to 1.1 target milestone as placeholder for time being. Will pull in select items to various Milestone builds as appropriate as we approach 1.1 release.
