Package org.wildfly.security.sasl
Class WildFlySasl
java.lang.Object
    org.wildfly.security.sasl.WildFlySasl
The core WildFly SASL utilities.
Author: David M. Lloyd
Field Summary
Modifier and Type | Field | Description
static final String | ALTERNATIVE_PROTOCOLS | A property used to supply a separated list (space, comma, tab, new line) of alternative protocols to be acceptable in responses received from the client.
static final String | AUTHENTICATION_TIMEOUT | The amount of time, in seconds, after which a server should terminate an authentication attempt.
static final String | CHANNEL_BINDING_REQUIRED | A flag indicating that a mechanism which supports channel binding is required.
static final String | GS2_DELEGATE_CREDENTIAL | A property used to specify if the GS2 mechanism should support credential delegation.
static final String | GSSAPI_CREATE_NAME_GSS_INIT | A property used to enable a workaround for native GSS, where createName() needs to be called for correct GSSContext initialization.
static final String | GSSAPI_DELEGATE_CREDENTIAL | Property name to specify if the GSSAPI mechanism should support credential delegation.
static final String | LEGACY_ALTERNATIVE_PROTOCOLS | Deprecated.
static final String | MECHANISM_QUERY_ALL | A flag indicating that all possible supported mechanism names should be returned, regardless of the presence or absence of any other query flags.
static final String[] | NO_NAMES | The immutable empty names array.
static final String | OTP_ALTERNATE_DICTIONARY | A property used to provide an alternate dictionary to the OTP SASL mechanism.
static final String | PRINCIPAL | The property which holds the negotiated client principal after a successful SASL client-side authentication.
static final String | REALM_LIST | A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to provide the list of possible server realms to the mechanism.
static final String | RELAX_COMPLIANCE | The various specifications for the SASL mechanisms mandate certain behaviour and verification of that behaviour at the opposite side of the connection; unfortunately, when interacting with other SASL mechanism implementations some of these requirements have been interpreted loosely.
static final String | SASL_SKIP_CERTIFICATE_VERIFICATION | A property used to disable certificate verification against the security realm when using SASL.
static final String | SCRAM_MAX_ITERATION_COUNT | The maximum iteration count to use for SCRAM.
static final String | SCRAM_MIN_ITERATION_COUNT | The minimum iteration count to use for SCRAM.
static final String | SECURE_RNG | Property name for the algorithm name of a SecureRandom implementation to use.
static final String | SECURITY_IDENTITY | The property which holds the negotiated security identity after a successful SASL server-side authentication.
static final String | SKIP_NORMALIZATION | A property used to disable Unicode normalization for passwords.
static final String | SUPPORTED_CIPHER_NAMES | A property used to directly limit the set of supported ciphers for SASL mechanisms.
static final String | USE_UTF8 | A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to indicate that information exchange should take place using the UTF-8 character encoding instead of the default Latin-1/ISO-8859-1 encoding.

Constructor Summary
Constructors
WildFlySasl()

Method Summary
Methods inherited from class java.lang.Object

Field Details
GSSAPI_DELEGATE_CREDENTIAL
Property name to specify if the GSSAPI mechanism should support credential delegation. If the property contains "true" then the credential should be delegated from the client to the server, "false" otherwise. The default value is "false" unless a GSSCredential was already passed in using the Sasl.CREDENTIALS property, in which case the default is "true". Note: This is a client only property and is not used server side.
GS2_DELEGATE_CREDENTIAL
A property used to specify if the GS2 mechanism should support credential delegation. A value of "true" indicates that the credential should be delegated from the client to the server. The default value is "false" unless a GSSCredential is passed in using a CredentialCallback, in which case the default is "true". Note: This is a client only property and is not used server side.
RELAX_COMPLIANCE
The various specifications for the SASL mechanisms mandate certain behaviour and verification of that behaviour at the opposite side of the connection. Unfortunately, when interacting with other SASL mechanism implementations, some of these requirements have been interpreted loosely. If this property contains "true" then, where differences in spec interpretation have been identified, the checking can be relaxed. The default value is "false".
SCRAM_MIN_ITERATION_COUNT
The minimum iteration count to use for SCRAM. Default is 4096.
SCRAM_MAX_ITERATION_COUNT
The maximum iteration count to use for SCRAM. Default is 16384.
SECURE_RNG
Property name for the algorithm name of a SecureRandom implementation to use. Using this property can improve security, at the cost of performance.
CHANNEL_BINDING_REQUIRED
A flag indicating that a mechanism which supports channel binding is required. A value of "true" indicates that channel binding is required; any other value (or lack of this property) indicates that channel binding is not required.
MECHANISM_QUERY_ALL
A flag indicating that all possible supported mechanism names should be returned, regardless of the presence or absence of any other query flags. This flag is only effective on calls to SaslServerFactory.getMechanismNames(Map) or SaslClientFactory.getMechanismNames(Map) for Elytron-provided SASL factories.
SECURITY_IDENTITY
The property which holds the negotiated security identity after a successful SASL server-side authentication.
PRINCIPAL
The property which holds the negotiated client principal after a successful SASL client-side authentication.
NO_NAMES
The immutable empty names array.
USE_UTF8
A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to indicate that information exchange should take place using the UTF-8 character encoding instead of the default Latin-1/ISO-8859-1 encoding. The default value is "true".
REALM_LIST
A property used by some SASL mechanisms (including the DIGEST-MD5 algorithm supplied with most Oracle JDKs) to provide the list of possible server realms to the mechanism. Each realm name should be separated by a space character (U+0020).
SUPPORTED_CIPHER_NAMES
A property used to directly limit the set of supported ciphers for SASL mechanisms. The list items should be separated by a comma character (",").
LEGACY_ALTERNATIVE_PROTOCOLS
Deprecated. A property used to supply a separated list (space, comma, tab, new line) of alternative protocols to be acceptable in responses received from the client.
ALTERNATIVE_PROTOCOLS
A property used to supply a separated list (space, comma, tab, new line) of alternative protocols to be acceptable in responses received from the client.
OTP_ALTERNATE_DICTIONARY
A property used to provide an alternate dictionary to the OTP SASL mechanism. Each dictionary word should be separated by a space character (U+0020). Note: This is a client only property and is not used server side.
AUTHENTICATION_TIMEOUT
The amount of time, in seconds, after which a server should terminate an authentication attempt. The default value is 150 seconds.
GSSAPI_CREATE_NAME_GSS_INIT
A property used to enable a workaround for native GSS, where createName() needs to be called for correct GSSContext initialization. Set to "true" to call createName() as part of GSSContext initialization. This is a workaround for JDK-8194073. Note: This is a server only property and is not used client side.
SKIP_NORMALIZATION
A property used to disable Unicode normalization for passwords. Note: This is a client only property and is not used server side.
SASL_SKIP_CERTIFICATE_VERIFICATION
A property used to disable certificate verification against the security realm when using SASL. Note: This is a server only property and is not used on the client side.
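The properties above are passed as string values in the map handed to the standard javax.security.sasl factory methods, and the negotiated PRINCIPAL / SECURITY_IDENTITY values are read back from the completed mechanism. The following is an added example illustrating that usage; it is not code from the WildFly Elytron project. The provider class WildFlyElytronSaslScramProvider and its getInstance() method, the host name, user name, password and the exact callbacks the SCRAM client requests are assumptions for the sake of the example.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;

import org.wildfly.security.sasl.WildFlySasl;
// Assumed: the Elytron SCRAM provider class from the wildfly-elytron-sasl-scram module.
import org.wildfly.security.sasl.scram.WildFlyElytronSaslScramProvider;

public final class WildFlySaslPropertiesExample {

    /** Client-side properties. All values are strings; the mechanism parses them. */
    static Map<String, Object> clientProperties() {
        Map<String, Object> props = new HashMap<>();
        // Never accept a server-chosen SCRAM iteration count below this floor: a low count
        // makes the salted password hash cheap to brute-force. The cap stops a hostile
        // server from forcing the client into an enormous PBKDF2 computation.
        props.put(WildFlySasl.SCRAM_MIN_ITERATION_COUNT, "4096");
        props.put(WildFlySasl.SCRAM_MAX_ITERATION_COUNT, "16384");
        // Generate client nonces with a named SecureRandom algorithm ("DRBG" ships with Java 9+).
        props.put(WildFlySasl.SECURE_RNG, "DRBG");
        // Keep strict spec checking unless a concrete interoperability problem has been confirmed.
        props.put(WildFlySasl.RELAX_COMPLIANCE, "false");
        // Leave Unicode normalization of passwords enabled.
        props.put(WildFlySasl.SKIP_NORMALIZATION, "false");
        return props;
    }

    /** Server-side properties that would be handed to Sasl.createSaslServer(...). */
    static Map<String, Object> serverProperties() {
        Map<String, Object> props = new HashMap<>();
        // Abandon a stalled handshake after 30 s (the documented default is 150 s).
        props.put(WildFlySasl.AUTHENTICATION_TIMEOUT, "30");
        // Realms offered by DIGEST-MD5-style mechanisms, separated by U+0020 (constructed names).
        props.put(WildFlySasl.REALM_LIST, "ManagementRealm ApplicationRealm");
        // Exchange in UTF-8 rather than ISO-8859-1 (the documented default is already "true").
        props.put(WildFlySasl.USE_UTF8, "true");
        // Keep certificate verification against the security realm switched on.
        props.put(WildFlySasl.SASL_SKIP_CERTIFICATE_VERIFICATION, "false");
        return props;
    }

    /** Lists every mechanism the registered factories can offer, ignoring other query flags. */
    static List<String> queryAllMechanisms() {
        Map<String, Object> query = new HashMap<>();
        query.put(WildFlySasl.MECHANISM_QUERY_ALL, "true");
        List<String> names = new ArrayList<>();
        Enumeration<SaslClientFactory> factories = Sasl.getSaslClientFactories();
        while (factories.hasMoreElements()) {
            for (String name : factories.nextElement().getMechanismNames(query)) {
                names.add(name);
            }
        }
        return names;
    }

    /** Creates a SCRAM client; the caller drives the exchange with evaluateChallenge(). */
    static SaslClient createScramClient(String user, char[] password, String serverHost) throws SaslException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        return Sasl.createSaslClient(new String[] { "SCRAM-SHA-256" }, null, "ldap", serverHost,
                clientProperties(), handler);
    }

    /** After the exchange completes, the negotiated principal is exposed as a property. */
    static String negotiatedPrincipal(SaslClient client) {
        if (!client.isComplete()) {
            throw new IllegalStateException("authentication has not completed");
        }
        Object principal = client.getNegotiatedProperty(WildFlySasl.PRINCIPAL);
        return principal == null ? null : principal.toString();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(WildFlyElytronSaslScramProvider.getInstance());
        System.out.println("Mechanisms offered: " + queryAllMechanisms());
        // Constructed credentials and host; a real deployment takes them from configuration.
        SaslClient client = createScramClient("alice", "correct horse".toCharArray(), "ldap.example.com");
        // SCRAM sends a client-first message, so the first evaluateChallenge() takes an empty challenge.
        byte[] first = client.hasInitialResponse() ? client.evaluateChallenge(new byte[0]) : null;
        System.out.println("initial response bytes: " + (first == null ? 0 : first.length));
        client.dispose();
    }
}
```

On the server side the same pattern applies in reverse: serverProperties() goes to Sasl.createSaslServer(...) together with a realm-backed CallbackHandler, and once SaslServer.isComplete() returns true the authenticated identity is available via getNegotiatedProperty(WildFlySasl.SECURITY_IDENTITY).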
Constructor Details
WildFlySasl
public WildFlySasl()