Programatic authentication should be caching the SecurityIdentity not the name of the identity ---------------------------------------------------------------------------------------------- Key: ELY-1464 URL: https://issues.jboss.org/browse/ELY-1464 Project: WildFly Elytron Issue Type: Bug Components: HTTP Reporter: Darran Lofthouse Assignee: Darran Lofthouse Priority: Major Fix For: 1.8.0.CR3 By only caching the name of the identity the server authentication context -> security domain -> security realm chain is called for each subsequent request when we should have been able to re-use an existing identity.