[Acceptance Criteria Only] Verify all authentication schemas

Description

Authentication schemas that have to be tested:

private API:
- basic authentication
- basic authentication with impersonation (https://docs.alfresco.com/process-services1.8/topics/rest_api_authorization.html)
- jwt bearer token authentication
public API:
- authentication with cookies

Activity

Show:

All Replies

May 11, 2018, 4:15 PM

Copy link to comment

[This comment has been reassigned to allreplies@alfresco.com as part of the Alfresco cloud migration project. The author of this comment was ctopala] Verified using https://bamboo.alfresco.com/bamboo/browse/ACT-ABS395-40

All Replies

May 11, 2018, 4:21 PM

Copy link to comment

[This comment has been reassigned to allreplies@alfresco.com as part of the Alfresco cloud migration project. The author of this comment was ctopala] What do we think about the following scenario: when impersonating an user that doesn't exist in APS, the call goes through without any problems.

User1 exists in APS and Keycloak.

User2 exists only in APS.

User1 impersonates User2 to perform a Rest call.

This is probably an isolated case, as users will most likely be synced to APS, but in the remote case that an user exists only in APS and it's impersonated, do we want to block the impersonation or do we leave it as it is?

All Replies

October 31, 2020, 12:18 PM

Copy link to comment

[This issue has been reassigned to allreplies@alfresco.com as part of the Alfresco cloud migration project. The reporter of this issue was rspatariu]

Resolved

Assignee

Unassigned

Reporter

All Replies

Labels

None

Delivery Team

None

Release Train

None

Sprint

None

Priority

Unprioritized

Configure