https://darranl.blogspot.com/2019/03/security-features-for-wildfly-17.html
Now that WildFly 17 is complete, this blog post provides some further information on the progress of these features.
Reviewing the release notes provides a very coarse list of the changes that were actually merged during the development of WildFly 17; this blog post provides further information on the progress of features actively being developed.
JDBC Security Realm - Hex and Modular Crypt Encoding
One of the planned features was to add support for hex encoding of passwords and support for modular crypt with the JDBC security realm. This feature has been merged and is available from WildFly 17 Final.
WFCORE-3832 Support hex encoding in jdbc-realm for elytron.
A blog post is available here showing some examples using this feature: -
https://developer.jboss.org/people/aabdelsa/blog/2019/06/11/configuring-a-jdbc-security-realm-with-bcrypt-and-modular-crypt-password-mappers
Additional documentation has also been published describing both the PasswordFactory APIs and the JDBC security realm.
https://docs.wildfly.org/17/WildFly_Elytron_Security.html#Passwords
https://docs.wildfly.org/17/WildFly_Elytron_Security.html#jdbc-security-realm
TLS 1.3
WFCORE-4172 Add support for TLS 1.3
Support for TLS 1.3 was developed during the development of WildFly 17. The changes were not quite ready before the feature freeze, however we hope these can be merged soon for WildFly 18. In the meantime some further background to the changes can be found here: -
https://developer.jboss.org/people/fjuma/blog/2019/06/11/upcoming-support-for-tls-13-with-wildfly
X509Certificate Mapping
WFCORE-4361 Enhanced mapping of X509Certificate to the underlying identity.
This feature is also close to being ready to be merged, with information available at: -
https://developer.jboss.org/people/fjuma/blog/2019/06/11/mapping-an-x509-cert-to-an-identity-using-a-subject-alt-name
Audit Logging RFC Support and Performance Enhancements
More information can be found in the following blog post on enhancements presently being prepared in relation to enhanced RFC support and performance enhancements for audit logging: -
https://justinwildfly.blogspot.com/2019/06/enhanced-audit-logging-in-wildfly.html
Web Services and RESTEasy Client Integration
This is a pair of tasks involving collaboration between the WildFly Elytron engineering team and the respective engineers working on these projects.
WFLY-11697 WS integration with WildFly Elytron - AuthenticationClient for Authentication / SSL
The following blog contains information on the progress so far: -
https://dvilkola.wordpress.com/2019/06/11/web-services-client-and-resteasy-client-integration-with-wildfly-elytron/
Identity Attribute Aggregation
The aggregation of an identity's attributes from multiple security realms is being handled under WFCORE-4447. More information on the progress of this feature can be seen in the following blog post: -
https://darranl.blogspot.com/2019/06/wildfly-elytron-aggregation-of.html
Certificate Authority Account Configuration
Previous work has added support for Let's Encrypt within the application server. WFCORE-4362 is a follow-on task to make it possible to configure alternative certificate authority accounts, enabling support for alternative certificate authorities which support the ACME protocol.
More information about this development can be found in the following blog post: -
https://dvilkola.wordpress.com/2019/06/11/obtain-and-manage-certificates-from-any-server-instance-that-implements-acme-specification-using-the-wildfly-cli/
OCSP
Finally, development has been progressing on WFCORE-3947 and we are hoping this one will be merged shortly. More information on this development can be seen in the proposal: -
https://github.com/wildfly/wildfly-proposals/pull/188