David Lloyd commented on ELY-869:
---------------------------------
Wouldn't an aggregate realm be appropriate in this case?
Elytron security realms cannot be used only for authorization
-------------------------------------------------------------
Key: ELY-869
URL: https://issues.jboss.org/browse/ELY-869
Project: WildFly Elytron
Issue Type: Bug
Components: Realms
Affects Versions: 1.1.0.Beta18
Reporter: Ondrej Lukas
Assignee: Jan Kalina
Priority: Blocker
Attachments: print-roles.war
Scenario: I try to configure the application server for a scenario where different identity
stores are used for authentication and authorization (e.g. username/password are stored in
LDAP and roles are assigned from a database).
In case authentication and authorization are handled by different security realms in
Elytron (i.e. an aggregate realm is used), authorization works only when the
identity store for the realm used for authorization also includes the username used for
authentication. See Steps to Reproduce for more details.
We request blocker since using different identity stores for authentication and
authorization is a common scenario which should be provided by Elytron. Even our
documentation explicitly mentions that scenario [1]:
"Consider the case where users are managed in a central LDAP server and
application-specific roles are stored in the application's relational database."
I tried this scenario with Properties and Filesystem Realms for authentication and
Properties and Ldap Realms for authorization.
[1] https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-appli...
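The two-realm setup the report describes, as an added example Elytron subsystem fragment (not the reporter's attachment or the project's own configuration); the domain, realm, mapper and properties-file names are assumed for illustration.

```xml
<!-- Added example: Elytron subsystem fragment (urn:wildfly:elytron:1.0) wiring an
     aggregate-realm whose authentication and authorization come from different stores.
     Domain, realm, mapper and file names are assumed for illustration. -->
<subsystem xmlns="urn:wildfly:elytron:1.0">
    <security-domains>
        <!-- The application's domain uses the aggregate realm; roles are decoded
             from the "groups" attribute that the authorization realm supplies. -->
        <security-domain name="AppDomain" default-realm="CombinedRealm"
                         permission-mapper="default-permission-mapper">
            <realm name="CombinedRealm" role-decoder="groups-to-roles"/>
        </security-domain>
    </security-domains>
    <security-realms>
        <!-- Credentials are verified against UsersRealm; attributes (groups)
             are loaded from RolesRealm. -->
        <aggregate-realm name="CombinedRealm"
                         authentication-realm="UsersRealm"
                         authorization-realm="RolesRealm"/>
        <!-- Authentication store: username/password only. A properties realm is
             used here in place of the LDAP realm from the report. -->
        <properties-realm name="UsersRealm">
            <users-properties path="app-users.properties"
                              relative-to="jboss.server.config.dir"
                              plain-text="true"/>
        </properties-realm>
        <!-- Authorization store: username -> groups, in place of the database.
             As the report observes for 1.1.0.Beta18, this realm only yields an
             identity if its users-properties file also lists the same username,
             so app-roles-users.properties needs an entry for every user. -->
        <properties-realm name="RolesRealm" groups-attribute="groups">
            <users-properties path="app-roles-users.properties"
                              relative-to="jboss.server.config.dir"
                              plain-text="true"/>
            <groups-properties path="app-roles.properties"
                               relative-to="jboss.server.config.dir"/>
        </properties-realm>
    </security-realms>
    <mappers>
        <!-- Turns the "groups" attribute from RolesRealm into application roles. -->
        <simple-role-decoder name="groups-to-roles" attribute="groups"/>
    </mappers>
</subsystem>
```

The permission mapper named here is assumed to be the one shipped in the default standalone configuration.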