JOSSO

Include a fall-back to LDAP X.509 userCertificate lookup in getUID

View this issue in another formatViewView
- XML
- Word
- Printable

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: JOSSO 1.8.3
Fix Version/s: None
Component/s: LDAP Identity Store

Description:

Hide
The LDAPIdentityStore getUID method for handling UID lookup by X.509 certificate assumed the backing LDAP can handle userCertificate binary search filters. While this may work on some LDAP providers it is not guaranteed that the LDAP provider implements certificateExactMatch or handles it in this way. OpenLDAP 2.4 in later versions does, but 2.3 does not.

Attached is a patch that attempts a fallback that does the certificate equality matching in-application if the LDAP returned no results from the userCertificate search that should ensure greater portability across LDAP providers.

Show
The LDAPIdentityStore getUID method for handling UID lookup by X.509 certificate assumed the backing LDAP can handle userCertificate binary search filters. While this may work on some LDAP providers it is not guaranteed that the LDAP provider implements certificateExactMatch or handles it in this way. OpenLDAP 2.4 in later versions does, but 2.3 does not. Attached is a patch that attempts a fallback that does the certificate equality matching in-application if the LDAP returned no results from the userCertificate search that should ensure greater portability across LDAP providers.

Download all attachments as a ZIP file

Attachments

LDAPIdentityStore-x509-uid-fallback.patch

(6 kB)

Aaron Reffett

13/Apr/11 3:47 PM

Activity

Ascending order - Click to sort in descending order

There are no comments yet on this issue.

People

Assignee:

Sebastian Gonzalez Oyuela

Reporter:

Aaron Reffett
Votes:

0

Watchers:

0

Dates

Created:

13/Apr/11 3:47 PM

Updated:

13/Apr/11 3:47 PM