Michael Jacobs
Guest
Hello Darren,

We will certainly look at the consistency of the 'scoped' default values in the oeablSecurity.properties files for version 12.

In general the ClientPrincipal filter configuration properties are used for authentication providers that do not produce a ClientPrincipal object that can be sent to the ABL application. Examples would be LDAP, AD, OAuth2, or SAML2.

The OERealm authentication provider is slightly different because it does provide a richer API that allows your ABL code to provide information we can use as direct input to generating a sealed ClientPrincipal object. So OERealm contains a set of properties that allows this one-step creation and seal process to be performed.

A contributing factor is the timing of when the OERealm authentication provider runs in the authentication process. Using the ClientPrincipal filter's configuration to inject the correct HTTP session id and do the seal operation was found to be faulty - therefore the OERealm is self-contained and does its own seal operation.

We'll also look at the documentation for clarity on the relationship between ClientPrincipal configuration properties and the OERealm authentication provider.

A final question: could you help us out by supplying the oeablSecurity.properties files for the PASOE instance (conf/), the ABL application (ablapps/xxx/conf/), and the web application's WEB-INF/? I understand if that is confidential information and you do not want to share... but it does help us to see live problem cases.

Mike Jacobs