Bug #6721
closed
Feature #6711: refactoring of lavoisier security
support chaining authentication attempts
Added by Reynaud Sylvain over 10 years ago.
Updated over 10 years ago.
Estimated time:
(Total: 0.00 h)
Description
PRE-REQUISITE: we must be able to distinguish abort from failure for each authentication mode.
Authentication attempt is considered as aborted if:
- X509: usage of protocol HTTP instead of HTTPS
- PASSWORD: user clicks on the button "cancel"
- IP: the list of authenticated IP does not contain user's IP
- CAS: to be defined...
Authentication attempt is considered as failed if:
- X509: CA is unknown
- PASSWORD: unknown user or wrong password
- IP: NEVER FAILS !!!
- CAS: to be defined...
Authentication is considered as failed:
- either if ANY authentication attempt has failed
- or if ALL the authentication attempts have been canceled
- Description updated (diff)
- Description updated (diff)
- Tracker changed from Task to Bug
Reynaud Sylvain wrote:
PRE-REQUISITE: we must be able to distinguish abort from failure for each authentication mode.
Authentication attempt is considered as aborted if:
- X509: usage of protocol HTTP instead of HTTPS
If HTTP is used, then the X509 will not be selected as authenticator in the chain, except if the chain is empty and it's the last authenticator supported. In this case, the user will be offered an HTTPS->HTTP automatic redirection
- PASSWORD: user clicks on the button "cancel"
Cancel does not send HTTP request.
- IP: the list of authenticated IP does not contain user's IP
OK
To be defined
Authentication attempt is considered as failed if:
This is done at the SSL level, so in principle X509 will never fail
- PASSWORD: unknown user or wrong password
OK
OK
If the ticket is not valid, the CAS login module automatically redirects to the CAS server and thus triggers the generation of a new ticket that will be validated at next request.
Authentication is considered as failed:
- either if ANY authentication attempt has failed
- or if ALL the authentication attempts have been canceled
- Status changed from New to Resolved
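The abort/failure rule from this issue as an added Python sketch, not part of the original ticket and not Lavoisier's code. Assumptions: the function names, the request dictionary, the sample CA, user and network are constructed; attempts are tried in order and the first non-aborted attempt decides the result; a missing client certificate is treated as an abort; CAS is left out because the ticket leaves it undefined.

```python
import hmac
from enum import Enum
from ipaddress import ip_address, ip_network

class Outcome(Enum):
    SUCCESS = "success"
    ABORTED = "aborted"  # mode not applicable to this request, try the next one
    FAILED = "failed"    # credentials were presented and rejected

# Constructed sample data (assumptions, not Lavoisier configuration).
TRUSTED_CAS = {"CN=Example CA"}
USERS = {"alice": "correct horse"}
ALLOWED_NETS = [ip_network("192.0.2.0/24")]

def x509(req):
    # Aborted over plain HTTP (or, by assumption, when no certificate is sent).
    if req.get("scheme") != "https" or "cert_issuer" not in req:
        return Outcome.ABORTED
    return Outcome.SUCCESS if req["cert_issuer"] in TRUSTED_CAS else Outcome.FAILED

def password(req):
    # "Cancel" sends no credentials at all, so the attempt is aborted.
    if "user" not in req:
        return Outcome.ABORTED
    expected = USERS.get(req["user"])
    supplied = req.get("password", "").encode()
    ok = expected is not None and hmac.compare_digest(expected.encode(), supplied)
    return Outcome.SUCCESS if ok else Outcome.FAILED

def ip(req):
    # Never fails: an address outside the list only aborts this mode.
    addr = ip_address(req["remote_addr"])
    return Outcome.SUCCESS if any(addr in net for net in ALLOWED_NETS) else Outcome.ABORTED

def authenticate(req, chain):
    """Return (authenticated, trace). Fails on the first FAILED attempt
    or when every attempt in the chain was aborted."""
    trace = []
    for attempt in chain:
        outcome = attempt(req)
        trace.append((attempt.__name__, outcome))
        if outcome is not Outcome.ABORTED:
            return outcome is Outcome.SUCCESS, trace
    return False, trace  # all attempts aborted

CHAIN = [x509, password, ip]
```

Note that a wrong password is rejected even when the client address is in the allowed list, because a failed attempt ends the chain before the IP mode is consulted.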