Bug 1084601 - [GSS] (6.3.0) Backport PLINK-405
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: PicketLink
Version: 6.2.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ER2
Target Release: EAP 6.3.0
Assigned To: Anil Saldhana
QA Contact: Josef Cacek
Docs Contact: Nichola Moore
Depends On:
Blocks: 1084593 1084597 1091177 1095230
 
Reported: 2014-04-04 15:26 EDT by Derek Horton
Modified: 2014-08-11 22:08 EDT

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
A new feature has been incorporated into the PicketLink component of this version of JBoss EAP 6. In this release the principal that gets sent to the AttributeManager has been made configurable. When using PicketLink with JBoss Negotiation, the principal that is sent to the AttributeManager is a hashed string and not the username. This can result in failed lookups if the mapping provider uses the principal to look up attributes. The ability to configure the principal ameliorates this issue.
Story Points: ---
Clone Of: 1084596
Clones: 1085534
Environment:
Last Closed: 2014-06-28 11:44:35 EDT
Type: Bug
Regression: ---
Documentation: ---
CRM:
Verified Versions:




External Trackers:
JBoss Issue Tracker PLINK-405 (Priority: Major, Status: Resolved) - Make the principal that gets sent to the AttributeManager configurable. Last updated 2015-11-25 04:18 EST.

Description Derek Horton 2014-04-04 15:26:06 EDT
Backport PLINK-405
Comment 1 Derek Horton 2014-04-04 15:27:50 EDT
Functionality can be enabled as shown here:

  <valve>
    <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
    <param>
      <param-name>passUserPrincipalToAttributeManager</param-name>
      <param-value>true</param-value>
    </param>
  </valve>
Comment 2 Derek Horton 2014-04-07 15:55:48 EDT
Reproducer notes for hashed user principal PL issue:

idp.war/WEB-INF/picketlink.xml (set the AttributeManager):

<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1"
                 AttributeManager="org.picketlink.identity.federation.bindings.jboss.attribute.JBossAppServerAttributeManager"
                 StrictPostBinding="true">
    <!-- remaining PicketLinkIDP elements unchanged from the existing IDP configuration -->
  </PicketLinkIDP>
</PicketLink>


idp.war/WEB-INF/jboss-web.xml:

  <valve>
    <class-name>org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve</class-name>
    <param>
      <param-name>passUserPrincipalToAttributeManager</param-name>
      <param-value>true</param-value>
    </param>
  </valve>


standalone.xml:

    <mapping>
      <mapping-module code="org.jboss.security.mapping.providers.attribute.LdapAttributeMappingProvider" type="attribute">
        <module-option name="java.naming.provider.url" value="ldaps://imatestldapserver.redhat.com"/>
        <module-option name="bindDN" value="uid=imauser,dc=test,dc=redhat,dc=com"/>
        <module-option name="bindCredential" value="imapassword"/>
        <module-option name="baseCtxDN" value="ou=users,dc=test,dc=redhat,dc=com"/>
        <module-option name="baseFilter" value="(uid={0})"/>
        <module-option name="attributeList" value="mail,cn,sn,UserType"/>
        <module-option name="searchTimeLimit" value="10000"/>
      </mapping-module>
    </mapping>
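The reproducer above depends on two files agreeing: picketlink.xml must name an AttributeManager, and jboss-web.xml must set passUserPrincipalToAttributeManager on the IDP valve, otherwise the LDAP mapping provider is handed the hashed principal and its (uid={0}) filter matches nothing. The following is an added example, not code from this bug or from PicketLink: a small Python check that parses both files and reports the weak configuration beside the corrected one. The sample files are constructed inline from the reproducer; the jboss-web.xml root element is assumed to be <jboss-web>, and valve matching ignores XML namespaces so a namespaced jboss-web.xml is handled too.

```python
"""Lint an EAP 6 / PicketLink IDP deployment for the PLINK-405 setting.

Given the contents of idp.war/WEB-INF/picketlink.xml and
idp.war/WEB-INF/jboss-web.xml, report whether IDPWebBrowserSSOValve is
configured to pass the user principal to the AttributeManager.
"""
from typing import Dict, List, Optional
import xml.etree.ElementTree as ET

PL_NS = "urn:picketlink:identity-federation:config:2.1"
IDP_VALVE = "org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve"
PARAM = "passUserPrincipalToAttributeManager"


def _local(tag: str) -> str:
    """Strip a '{namespace}' prefix so jboss-web.xml matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem: ET.Element, name: str) -> Optional[str]:
    """Text of the first direct child with the given local name, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def idp_attribute_manager(picketlink_xml: str) -> Optional[str]:
    """Return the AttributeManager class set on <PicketLinkIDP>, if any."""
    root = ET.fromstring(picketlink_xml)
    idp = root.find(f"{{{PL_NS}}}PicketLinkIDP")
    return None if idp is None else idp.get("AttributeManager")


def valve_params(jboss_web_xml: str, class_name: str) -> Optional[Dict[str, str]]:
    """Return the <param> name/value pairs of the first <valve> of class_name, or None."""
    root = ET.fromstring(jboss_web_xml)
    for valve in root.iter():
        if _local(valve.tag) != "valve" or _child_text(valve, "class-name") != class_name:
            continue
        params: Dict[str, str] = {}
        for param in valve:
            if _local(param.tag) == "param":
                name = _child_text(param, "param-name")
                if name:
                    params[name] = _child_text(param, "param-value") or ""
        return params
    return None


def check_idp_config(picketlink_xml: str, jboss_web_xml: str) -> List[str]:
    """Return findings; an empty list means the principal will reach the AttributeManager."""
    findings: List[str] = []
    manager = idp_attribute_manager(picketlink_xml)
    if manager is None:
        # Without an AttributeManager no attribute lookup happens at all.
        findings.append("PicketLinkIDP has no AttributeManager attribute")
        return findings
    params = valve_params(jboss_web_xml, IDP_VALVE)
    if params is None:
        findings.append("jboss-web.xml declares no IDPWebBrowserSSOValve")
        return findings
    if params.get(PARAM, "").lower() != "true":
        findings.append(
            f"{PARAM} is not set to true: {manager} receives the hashed principal "
            "string instead of the username, so lookups keyed on the principal fail"
        )
    return findings


# Constructed sample files, modelled on the reproducer in this bug (not real deployments).
PICKETLINK_XML = f"""<PicketLink xmlns="{PL_NS}">
  <PicketLinkIDP xmlns="{PL_NS}"
      AttributeManager="org.picketlink.identity.federation.bindings.jboss.attribute.JBossAppServerAttributeManager"
      StrictPostBinding="true"/>
</PicketLink>"""

# Weak: valve declared but the parameter left at its default.
WEAK_JBOSS_WEB = f"""<jboss-web>
  <valve>
    <class-name>{IDP_VALVE}</class-name>
  </valve>
</jboss-web>"""

# Fixed: the parameter from Comment 1 added to the same valve.
FIXED_JBOSS_WEB = f"""<jboss-web>
  <valve>
    <class-name>{IDP_VALVE}</class-name>
    <param>
      <param-name>{PARAM}</param-name>
      <param-value>true</param-value>
    </param>
  </valve>
</jboss-web>"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_JBOSS_WEB), ("fixed", FIXED_JBOSS_WEB)):
        print(label, check_idp_config(PICKETLINK_XML, cfg) or ["OK"])
```

Run it against the real files with `check_idp_config(open(...).read(), open(...).read())`; the check deliberately stops at the first structural problem (no AttributeManager, no valve) because the parameter is meaningless without both.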
Comment 3 Josef Cacek 2014-05-05 04:28:51 EDT
Verified in 6.3.0.ER2
