SEC 40 - Enhance co-existence of multiple authentication mechanisms in Liberty #9012
Labels
Aha Idea
Epic
Used to track Feature Epics that are following the UFO process
in:Security
team:Core Security
Projects
Liberty has limited support to have multiple authentication mechanisms to a service when one of them is SPNEGO. With custom TAI and the method isTargetInterceptor you could determine if this interceptor should handle the request. The method has the HttpServletRequest as a parameter so it is very flexible. With the SPNEGO feature there are limited possibilities to configure when and when not SPNEGO should handle the request. Only five filter elements are defined. There are several solutions for this: • Extend the configuration with a new filter element where you can enter a specific http header name together with a match type, in our case: “notContain” • Offer the deprecated Interface SpnegoTAIFilter and a SPNEGO TAI • Ensure that SPNEGO detects whether the subject is already created by a previous interceptor
Resolves RFE 103921
The text was updated successfully, but these errors were encountered: