[
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056139#comment-15056139
]
Kevin Minder commented on KNOX-641:
-----------------------------------
[~lmccay] < I'm trying to compare this to swapping in Shiro with a embedded
user store for the same topology while the server is running. I'm not totally
sure what the current behavior would be there. In any case the real issue here
is that there must be a way to verify the previous authentication to prove that
it was done by a trusted party. The authenticate performed by the
testBasicAuth should not be trusted by the pac4j impl after that is later
disabled.
> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> -----------------------------------------------------------
>
> Key: KNOX-641
> URL: https://issues.apache.org/jira/browse/KNOX-641
> Project: Apache Knox
> Issue Type: New Feature
> Reporter: Jérôme Leleu
> Assignee: Jérôme Leleu
> Fix For: 0.7.0
>
> Attachments: KNOX-641.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
