Farah Juma reassigned ELY-1995:
-------------------------------
Assignee: Farah Juma
AggregateRealm is failing in authentication with token-realm
------------------------------------------------------------
Key: ELY-1995
URL: https://issues.redhat.com/browse/ELY-1995
Project: WildFly Elytron
Issue Type: Bug
Reporter: Farah Juma
Assignee: Farah Juma
Priority: Major
Authentication fails when token-realm is set as the authentication-realm in an
aggregate-realm and ldap-realm is set as the authorization-realm.
{{AggregateSecurityRealm#getRealmIdentity}} obtains the realm identity used for
authentication from the JWT realm and the realm identity used for authorization from
the LDAP realm, and in both cases it passes the {{BearerTokenEvidence}} to obtain the
realm identity. The problem is that the {{LdapSecurityRealm}} cannot derive the
principal from the {{BearerTokenEvidence}}, so the {{authorizationIdentity}} will simply
be the {{RealmIdentity.NON_EXISTENT}} identity, resulting in the "User does not
exist" error.
{panel}
2020-06-11 08:51:06,767 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost' protocol='http'
2020-06-11 08:51:06,769 TRACE [org.wildfly.security] (default task-1) Evidence verification: evidence = org.wildfly.security.evidence.BearerTokenEvidence@2587e47f evidencePrincipal = null
2020-06-11 08:51:06,782 DEBUG [org.wildfly.security] (default task-1) Token is using algorithm [RS256]
2020-06-11 08:51:06,789 DEBUG [org.wildfly.security] (default task-1) Token is using algorithm [RS256]
2020-06-11 08:51:06,792 TRACE [org.wildfly.security] (default task-1) BEARER_TOKEN: org.wildfly.security.http.HttpAuthenticationException: ELY05053: Callback handler failed for unknown reason
	at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:161)
	... 41 more
{panel}
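The lookup mismatch described above, modelled in a self-contained Java sketch added here (not Elytron's own code or API): a token realm that can only resolve identities from evidence, a directory realm that can only resolve them by principal, and an aggregate realm shown once handing the same evidence to both realms and once resolving the principal from the authenticated identity before querying the authorization realm. The {{Realm}}/{{Identity}} types and the {{sub=alice}} token format are constructed for the illustration.

```java
import java.util.Map;

// Simplified model (not Elytron's SecurityRealm): identities resolve by principal or by evidence.
interface Realm {
    Identity byPrincipal(String principal);
    Identity byEvidence(String evidence);
}

record Identity(String principal, boolean exists) {
    static final Identity NON_EXISTENT = new Identity(null, false);
}

// Token realm: the principal is carried inside the evidence (constructed "sub=<name>" token).
class TokenRealm implements Realm {
    public Identity byPrincipal(String p) { return Identity.NON_EXISTENT; } // no local user store
    public Identity byEvidence(String token) {
        return token.startsWith("sub=") ? new Identity(token.substring(4), true) : Identity.NON_EXISTENT;
    }
}

// LDAP-like realm: can only look up by principal; a bearer token tells it nothing about the user.
class DirectoryRealm implements Realm {
    private final Map<String, String> entries;
    DirectoryRealm(Map<String, String> entries) { this.entries = entries; }
    public Identity byPrincipal(String p) {
        return entries.containsKey(p) ? new Identity(p, true) : Identity.NON_EXISTENT;
    }
    public Identity byEvidence(String evidence) { return Identity.NON_EXISTENT; }
}

class AggregateRealm {
    private final Realm authn, authz;
    AggregateRealm(Realm authn, Realm authz) { this.authn = authn; this.authz = authz; }

    // Behaviour reported in ELY-1995: the same evidence is handed to the authorization realm.
    Identity authorizationIdentityBuggy(String evidence) {
        Identity a = authn.byEvidence(evidence);
        return a.exists() ? authz.byEvidence(evidence) : Identity.NON_EXISTENT;
    }

    // Take the principal from the authenticated identity, then look it up in the authorization realm.
    Identity authorizationIdentityFixed(String evidence) {
        Identity a = authn.byEvidence(evidence);
        return a.exists() ? authz.byPrincipal(a.principal()) : Identity.NON_EXISTENT;
    }

    public static void main(String[] args) {
        Realm ldap = new DirectoryRealm(Map.of("alice", "cn=alice,ou=people")); // constructed directory entry
        AggregateRealm realm = new AggregateRealm(new TokenRealm(), ldap);
        System.out.println("evidence passed to both realms, user exists: " + realm.authorizationIdentityBuggy("sub=alice").exists());
        System.out.println("principal resolved first, user exists:      " + realm.authorizationIdentityFixed("sub=alice").exists());
    }
}
```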