mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-09 14:34:43 +00:00
e490ecb7d3
Fixes a bug in the PKI authentication. This manifests when there are multiple PKI realms configured in the chain, with different principal parse patterns. There are a few configuration scenarios where one PKI realm might parse the principal from the Subject DN (according to the `username_pattern` realm setting) but another one might do the truststore validation (according to the truststore.* realm settings). This is caused by the two passes through the realm chain, first to build the authentication token and secondly to authenticate it, and that the X509AuthenticationToken sets the principal during construction.