[WFCORE-5027] Adding a proposal for charset and encoding support for credentials in security realms #323
1133be9 to 75f6fee
``hash-charset`` to the ``set-password`` operation as follows: | ||
|
||
|
||
/subsystem=elytron/filesystem-realm=fsRealm:set-password(identity=user1, digest={algorithm=digest=md5, password=password123, hash-encoding=hex, hash-charset=UTF-16}) |
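Review bot: `hash-charset=UTF-16` in the `set-password` example leaves the byte order open, and a bare UTF-16 encoder usually prepends a byte-order mark, so the bytes that get hashed differ from those produced with UTF-16LE or UTF-16BE. Suggest using an explicit variant in the example, or stating how the BOM is treated, so that hashes written by another tool still verify.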
Just a very minor typo, s/digest=md5/digest-md5.
fixed!
|
||
=== Hard Requirements | ||
|
||
All realms that support hashed passwords need to be modified: Properties Realm, Filesystem Realm, JDBC Realm, and LDAP Realm. |
Would be good to add links to the corresponding Java classes.
Added!
Nice analysis, @SoniaZaldana!
88b51b1 to 3db24fe
used when verifying every single client-provided password against the credentials stored in the | ||
security realm, as long as hashing is enabled. The only difference lies in that the Elytron Properties realm | ||
only allows ClearPasswords or DigestPasswords, as opposed to the ``UserRolesLoginModule`` which supports a wider variety of | ||
hashing algorithms. Supporting more hashing algorithms is out of the scope of this RFE. |
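Review bot: "as long as hashing is enabled" in the first sentence leaves the ClearPasswords case undefined, although the next sentence says the Properties realm allows them. Suggest stating whether the configured charset is ignored or rejected when the stored credential is a clear password.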
For now, I have written that supporting all the hashing algorithms that legacy supported is out of the scope of this RFE. Should it be included?
3db24fe to eac337a
eac337a to dadfac1
…credentials in security realms
https://issues.redhat.com/browse/WFCORE-5027