[DOCU-470] Login handler can be bypassed in CAS module with incorrect setting
Created: 12/Sep/13 Updated: 21/May/14 Resolved: 21/May/14
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Milan Divilek | Assignee: | Gavan Stockdale |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Description |
|
To understand the problem see

There are two ways to avoid this behaviour:

2. Split info.magnolia.jaas.sp.jcr.JCRAuthenticationModule and info.magnolia.jaas.sp.ldap.ADAuthenticationModule into different JAAS login chains:

magnolia {
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule required;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
magnolia-ntlm {
info.magnolia.jaas.sp.ldap.ADAuthenticationModule required realm=external;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
|
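
Added example (not part of the ticket and not Magnolia code): a small Python audit that parses a JAAS login configuration and reports any chain that loads both authentication modules named above. The `COMBINED` and `SPLIT` samples are constructed, the control flags in `COMBINED` are arbitrary because the check ignores them, and `parse_jaas` and `mixed_chains` are hypothetical helper names.

```python
import re

# The two modules the ticket says to keep in different JAAS login chains.
JCR_AUTH = "info.magnolia.jaas.sp.jcr.JCRAuthenticationModule"
AD_AUTH = "info.magnolia.jaas.sp.ldap.ADAuthenticationModule"
AUTHZ = "info.magnolia.jaas.sp.jcr.JCRAuthorizationModule"
# Tokens: quoted strings, comments, punctuation, bare words.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|[{};=]|[^\s{};="]+', re.S)

def parse_jaas(text):
    """Return {chain name: [(module class, control flag, options), ...]}."""
    toks = [t for t in TOKEN_RE.findall(text) if not t.startswith(("//", "/*"))]
    chains, i = {}, 0
    try:
        while i < len(toks):
            name, brace = toks[i], toks[i + 1]
            if brace != "{":
                raise ValueError(f"expected '{{' after chain name {name!r}")
            i, modules = i + 2, []
            while toks[i] != "}":
                cls, flag, opts = toks[i], toks[i + 1], {}
                i += 2
                while toks[i] != ";":              # key = value options
                    if toks[i + 1] != "=":
                        raise ValueError(f"bad option near {toks[i]!r}")
                    opts[toks[i]] = toks[i + 2].strip('"')
                    i += 3
                modules.append((cls, flag, opts))
                i += 1                             # skip the module's ';'
            i += 1                                 # skip '}'
            if i < len(toks) and toks[i] == ";":   # tolerate a missing ';' after '}'
                i += 1
            chains[name] = modules
    except IndexError:
        raise ValueError("truncated JAAS configuration") from None
    return chains

def mixed_chains(text):
    """Names of chains that load both the JCR and the AD authentication module."""
    return sorted(name for name, mods in parse_jaas(text).items()
                  if {JCR_AUTH, AD_AUTH} <= {cls for cls, _, _ in mods})

# Constructed sample: both authentication modules in one chain (flags arbitrary).
COMBINED = f"magnolia {{ {JCR_AUTH} optional; {AD_AUTH} optional realm=external; {AUTHZ} required; }};"
# Constructed sample mirroring the split layout from the ticket.
SPLIT = (f"magnolia {{ {JCR_AUTH} required; {AUTHZ} required; }};\n"
         f"magnolia-ntlm {{ {AD_AUTH} required realm=external; {AUTHZ} required; }};")

if __name__ == "__main__":
    print("combined:", mixed_chains(COMBINED), "split:", mixed_chains(SPLIT))
```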