challenge-response authentication protocols? - Weblogic


Thread: challenge-response authentication protocols?

  1. challenge-response authentication protocols?

    Hi,

    I am trying to implement a multi-stage, challenge-response based
    authentication protocol in WebLogic 8.1.

    The correct location would be the Identity asserter, but this does not
    support challenge-response.

    Then challenge-response could be installed into a servlet filter, but
    that is not called until after authentication is completed.

    The AuthFilter is called before the authentication (the identity
    asserter), but that interface is deprecated.

    I don't want a specific servlet doing the protocol, since this would
    require me to change application deployment descriptors on deployed and
    already running applications on the server. I need a solution where I
    extend WebLogic authentication to include whatever mechanism I want to
    support. As far as I can see it, it cannot be done with the current
    security architecture.

    I really wanted to have the identity asserter to be able to support
    challenge-response. This could be done by providing HttpServletRequest
    and HttpServletResponse objects as parameters to the "assertIdentity".

    Any good ideas on how to tackle this limitation?

    /Bo

  2. Re: challenge-response authentication protocols?

    Jens Bo Friis wrote:

    > Jens Bo Friis wrote:
    >
    >>
    >> The AuthFilter is called before the authentication (the identity
    >> asserter), but that interface is deprecated.
    >>

    >
    > The AuthFilter approach was a dead end. The AuthFilter is treated and
    > called using an "include" call model, which means that WLS will
    > overwrite headers and other stuff on the response object.
    >
    > Setting my own WWW-Authenticate header on the response object in the
    > AuthFilter is simply overwritten by WLS's favorite handler: Basic.
    >
    > /Bo



    It feels like I'm talking to myself :-(

    Is this a dead forum?

    /Bo

  3. Re: challenge-response authentication protocols?

    Jens Bo Friis wrote:
    >
    > The AuthFilter is called before the authentication (the identity
    > asserter), but that interface is deprecated.
    >


    The AuthFilter approach was a dead end. The AuthFilter is treated and
    called using an "include" call model, which means that WLS will
    overwrite headers and other stuff on the response object.

    Setting my own WWW-Authenticate header on the response object in the
    AuthFilter is simply overwritten by WLS's favorite handler: Basic.

    /Bo

  4. Re: challenge-response authentication protocols?

    Never mind, I solved this problem myself.

    /Bo

  5. Re: challenge-response authentication protocols?

    I'm trying to do basically the same, but cannot make the AuthFilter work. Could you share your solution to this problem?
