[jira] Updated: (MNG-4602) Allow pluggable authentication (using JAAS ?) so that the username and password to connect to a deployment repository can be generated by a Single Sign On-enabled client

Tue, 28 Dec 2010 13:04:24 -0800 

     [ 
http://jira.codehaus.org/browse/MNG-4602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Boden updated MNG-4602:
-----------------------------

    Attachment: wagon.patch

> Allow pluggable authentication (using JAAS ?) so that the username and 
> password to connect to a deployment repository can be generated by a Single 
> Sign On-enabled client
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: MNG-4602
>                 URL: http://jira.codehaus.org/browse/MNG-4602
>             Project: Maven 2 & 3
>          Issue Type: New Feature
>          Components: Artifacts and Repositories, Settings
>            Reporter: David Boden
>            Priority: Minor
>         Attachments: wagon.patch
>
>
> The username and password used to authenticate with the remote repository 
> during deployment are stored in the user's settings.xml under the <servers/> 
> structure. This structure allows a username and password to be specified, or 
> for a .ssh private key to be specified.
> It does not allow for pluggable single sign on, where a Java module (perhaps 
> a JAAS LoginModule) is available on the client to generate a token in place 
> of a password. Many corporates use this technique for other web applications, 
> generating an LDAP token from the user's PC and verifying it against an LDAP 
> server on the server side. It adds security by removing the need to pass the 
> user's password over the wire.
> This Jira is a request for a pluggable entry point for this single sign on 
> module, perhaps by specifying a class name in the <server/> structure or by 
> setting a system property. The solution could either define a new interface 
> which Authentication Providers must implement or can use existing interfaces 
> from JAAS, (Http) Authenticator or other frameworks.
> Please feel free to move this item to the "Maven Wagon" component if you feel 
> that's the best place to implement the feature. Alternatively, please also 
> feel free to move to the generic "Maven 2&3" component if you think that the 
> feature has wider scope than just deployment; perhaps to also authenticate 
> using Single Sign On with an internal company's repository when *downloading* 
> artifacts (as well as uploading).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to