Version 5
Created by anil.saldhana on Apr 19, 2013 12:16 PM. Last modified by anil.saldhana on Apr 24, 2013 5:39 PM.

    << Back to AS8 Security Dashboard

     

    I want to capture some of the use cases I can think of here so they are recorded and communicated to the Undertow dev team.

     

    1.  Mechanisms

     

    We need  the following functionality (identified in the subsections 1.1, etc In the old JBossWeb/Tomcat world). This was previously provided by the Authenticator/Valve interfaces. Need to figure out what the mechanisms are in Undertow.

    Discussion: http://lists.jboss.org/pipermail/undertow-dev/2013-April/000266.html

     

    1.1 SAML Web Browser SSO Profile

    Previously we used IDPWebBrowserSSOValve and SPFormAuthenticators

    1.2 SAML Global Logout Profile

    Previously we used IDPWebBrowserSSOValve and SPFormAuthenticators

    1.3 JSR 196 (JASPI) Integration

    Previous we had a JASPI Authenticator in JBossWeb.

     

    2. Servlet Specification - Progammatic Login

    Latest servlet spec has programmatic login such as request.login() methods. This will be tested by the TCK too. Hard to miss.