Topics

Build In Identity Stores - Credential Validation


Darran Lofthouse
 

The build in default beans should mean some consistent implementations across different containers.

On the two identity stores there doesn't seem to be any description as to how this validation will happen.

Regards,
Darran Lofthouse.


Will Hopkins
 

Do you think this needs to be described in detail? LDAP authentication, and validation of passwords stored in a DB, are fairly straightforward.

On 07/07/2017 05:31 AM, Darran Lofthouse wrote:
The build in default beans should mean some consistent implementations across different containers.

On the two identity stores there doesn't seem to be any description as to how this validation will happen.

Regards,
Darran Lofthouse.


-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803


Darran Lofthouse
 

My assumption so far is the LDAP authentication will be achieved by attempting to connect to LDAP using the located DN and provided password.

For database I assume it is a case of retrieving the password, apply the configured hash to the provided password and compare the two.

If that is correct I don't think it needs to state much more than that really.


On Fri, 7 Jul 2017 at 16:26 Will Hopkins <will.hopkins@...> wrote:
Do you think this needs to be described in detail? LDAP authentication, and validation of passwords stored in a DB, are fairly straightforward.


On 07/07/2017 05:31 AM, Darran Lofthouse wrote:
The build in default beans should mean some consistent implementations across different containers.

On the two identity stores there doesn't seem to be any description as to how this validation will happen.

Regards,
Darran Lofthouse.


-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803


Arjan Tijms
 

Indeed, that's what happens. 

When in doubt, vendors can additionally check the RI, although the spec should be clear enough of course.


Will Hopkins
 

That's the idea as I understand it. I can certainly add a few words to that effect.

On 07/07/2017 11:30 AM, Darran Lofthouse wrote:
My assumption so far is the LDAP authentication will be achieved by attempting to connect to LDAP using the located DN and provided password.

For database I assume it is a case of retrieving the password, apply the configured hash to the provided password and compare the two.

If that is correct I don't think it needs to state much more than that really.


On Fri, 7 Jul 2017 at 16:26 Will Hopkins <will.hopkins@...> wrote:
Do you think this needs to be described in detail? LDAP authentication, and validation of passwords stored in a DB, are fairly straightforward.


On 07/07/2017 05:31 AM, Darran Lofthouse wrote:
The build in default beans should mean some consistent implementations across different containers.

On the two identity stores there doesn't seem to be any description as to how this validation will happen.

Regards,
Darran Lofthouse.


-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803