Crowd Data Center: CWD-846

Add the ability to restrict the createPrincipalToken SOAP method to specific applications


Details

    • Type: Suggestion
    • Resolution: Unresolved
    • Components: Core features, SOAP

Description

It would be nice to have an option in the Admin Console to restrict which applications can use the createPrincipalToken method in the SOAP API, instead of having it available to all applications.

As it stands now, any application can authenticate a principal without actually validating a password – whether it needs this functionality or not. This has raised some security concerns about how easily a "fake" user session could be created if someone had access to an application's password (and could submit a request from its authorized IPs).

We'd like to be able to grant this permission on a per-application basis, similar to how directory modification permissions can be restricted by application.

People

    • Assignee: Unassigned
    • Reporter: Paul Boyum
    • Votes: 0
    • Watchers: 2