[WFLY-18185] Provide a possibility for a caching realm to authenticate users with underlying realm when credential verification with cached credential fails #530
Conversation
Skyllarr
force-pushed
the
WFLY-18185
branch
4 times, most recently
from
36e3119 to
983b7dd
Compare
|
|
||
| === Affected Projects or Components | ||
|
|
||
| * https://github.com/wildfly/wildfly-core[WildFly Core project] |
|
|
||
| == Release Note Content | ||
|
|
||
| It is now possible to use the new credentials to authenticate to the WildFly server if these credentials have been configured outside of WildFly in the user store. |
There was a problem hiding this comment.
It is now possible to use the new credentials to authenticate ...
I miss the part about cached credentials. What about something like the following?
It is now possible to update cached credentials with new credentials and authenticate ...
There was a problem hiding this comment.
@OndrejKotek Thank you. fixed
|
|
||
| === QE Contacts | ||
|
|
||
| * mailto:TODO |
There was a problem hiding this comment.
I think this can be added now.
|
|
||
| == Release Note Content | ||
|
|
||
| It is now possible to update cached credentials with new credentials and authenticate to the WildFly server if those credentials have been updated outside of WildFly in the user store. |
There was a problem hiding this comment.
You mention "it is now possible" but if this is now the default behaviour it should probably be stated as that.
|
|
||
| This functionality should either be added as a default, as this was the behaviour of the legacy security subsystem. Or we can add this behaviour under a new attribute of the caching realm. If we add it as configurable with a property, then it can be backported with a system property. | ||
|
|
||
| I have decided to enable this functionality by default. The reason for this is that this functionality was present in the legacy security, and users can consider the absence of this functionality to be a bug, so we should not require its configuration. |
There was a problem hiding this comment.
You mention enable by default but it does not look now like there will be a mechanism to turn it off? May be worth stating it is not optional if that is the case.
There was a problem hiding this comment.
It won't be possible to change this. I updated the doc
|
@Skyllarr Please add a section like the one here: and X one of the boxes. If it's 'Preview' please change the JIRA title and proposal title to 'Preview - Provide a...'. Given the discussions at https://wildfly.zulipchat.com/#narrow/stream/174184-wildfly-developers/topic/Questions.20about.20the.20the.20new.20stability.20development.20process about the configuration style, and some of the conversation's I've seen with @pferraro about clustering, if this is wanted for WF 31, 'Preview' level may be the best choice. |
@bstansberry We have decided to not target wildfly 31 for this. I will add this new section and I'll mention the |
…e users with underlying realm when credential verification with cached credential fails
|
@bstansberry This can be merged now, as the feature implementation was already merged |
https://issues.redhat.com/browse/WFLY-18185