Stefan Guilhen reassigned WFLY-8316:
------------------------------------
Assignee: Stefan Guilhen (was: Darran Lofthouse)
Mapping roles in legacy security domain is ignored when this domain
is used as Elytron realm
--------------------------------------------------------------------------------------------
Key: WFLY-8316
URL: https://issues.jboss.org/browse/WFLY-8316
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Stefan Guilhen
Priority: Critical
Attachments: print-roles.war
When a legacy security domain is used as an Elytron realm, roles assigned in
mapping are unavailable in the Elytron security realm.
E.g. when the UsersRoles login module, which assigns role JBossAdmin to user admin, is used
and then role User is assigned for user admin in the SimpleRoles mapping module through:
{code}
<mapping>
    <mapping-module code="SimpleRoles" type="role">
        <module-option name="admin" value="User"/>
    </mapping-module>
</mapping>
{code}
then only role JBossAdmin is available for Elytron. The following appears in the server log:
{code}
Authorizing against the following attributes: [Roles, CallerPrincipal] => [JBossAdmin, admin]
{code}
When this legacy security domain is used directly as a PicketBox security domain,
both roles, JBossAdmin and User, are assigned to user admin.
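
A check for the mismatch described above, as an added example that is not part of the report or of WildFly: it reads the SimpleRoles mapping block and the "Authorizing against" log line quoted in the report and lists the mapped roles missing from what Elytron authorized. The function names are hypothetical, and the layout of the log line when several roles are present (roles first, principal last) is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Mapping block and log line copied from the report (log line unwrapped).
MAPPING_XML = """<mapping>
  <mapping-module code="SimpleRoles" type="role">
    <module-option name="admin" value="User"/>
  </mapping-module>
</mapping>"""
LOG_LINE = ("Authorizing against the following attributes: "
            "[Roles, CallerPrincipal] => [JBossAdmin, admin]")
LOG_RE = re.compile(r"following attributes: \[([^\]]*)\] => \[([^\]]*)\]")


def mapped_roles(mapping_xml):
    """Return {principal: roles} added by SimpleRoles role-mapping modules."""
    result = {}
    for module in ET.fromstring(mapping_xml).iter("mapping-module"):
        if module.get("code") != "SimpleRoles" or module.get("type") != "role":
            continue
        for option in module.iter("module-option"):
            # SimpleRoles takes a comma-separated role list per principal.
            roles = {r.strip() for r in option.get("value", "").split(",") if r.strip()}
            result.setdefault(option.get("name"), set()).update(roles)
    return result


def authorized_identity(log_line):
    """Return (principal, roles) from an 'Authorizing against' log line.

    Assumption: CallerPrincipal is listed last, so the last value is the
    principal and every value before it is a role.
    """
    match = LOG_RE.search(log_line)
    if not match:
        raise ValueError("not an authorization attribute log line")
    names = [n.strip() for n in match.group(1).split(",")]
    values = [v.strip() for v in match.group(2).split(",") if v.strip()]
    if names != ["Roles", "CallerPrincipal"] or not values:
        raise ValueError("unexpected attribute layout: %r" % names)
    return values[-1], set(values[:-1])


def missing_mapped_roles(mapping_xml, log_line):
    """Roles the mapping assigns to the logged principal that were not authorized."""
    principal, roles = authorized_identity(log_line)
    expected = mapped_roles(mapping_xml).get(principal, set())
    return principal, expected - roles
```
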