Details

      Description

      Reopening of ISSUE LPS-12903. See also LPS-12087 for some hints.

      The very ISSUE arises when the passwords are not stored in
      Liferay. In an SSO environment, one might like the point that
      a password is stored at a central place, in our case it is
      Shibboleth, so even if the server is compromised, the other
      services are not automatically compromised too. (Thought to the
      end, with storing the credentials in Kerberos, the password
      would not even have to travel the net but we are still able
      to authenticate against Shibboleth and from there we enable
      e.g. Liferay...)

      Unfortunately, this does not work with Liferay's WebDAV right
      now, as the tunnel web bypasses the auth pipeline (see
      also LPS-12087). So to reproduce the issue, one has to
      have a setup where the user knows the password stored outside
      Liferay and which has e.g. random passwords in the Liferay DB.

      When I compare the source code in SVN to our 6.1 installation,
      I find the very same lines in LoginUtil.java, so I do not
      think this issue will be solved in 6.2 or the like, therefore
      "reopening".

      Thank you!

              Dates

              • Days since last comment:
                6 years, 33 weeks ago

                Packages

                Version Package
                6.2.0 CE M4