Jan Kalina moved JBEAP-11285 to WFCORE-2898:
--------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2898 (was: JBEAP-11285)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security (was: Security)
Affects Version/s: 3.0.0.Beta23 (was: 7.1.0.DR19)
Unable to define realm-mapping for TrustManager based auth
----------------------------------------------------------
Key: WFCORE-2898
URL: https://issues.jboss.org/browse/WFCORE-2898
Project: WildFly Core
Issue Type: Bug
Components: Security
Affects Versions: 3.0.0.Beta23
Reporter: Jan Kalina
Assignee: Jan Kalina
Priority: Blocker
For SASL and HTTP mechanisms it is possible to define *realm-mapping* as part of
**-authentication-factory*. But this cannot be used for the EXTERNAL/CLIENT_CERT mechanism,
because *ServerAuthenticationContext* is not constructed by the mechanism but by
*SecurityDomainTrustManager*, without any relation to an **-authentication-factory*.
It can be misleading for the user that the *EXTERNAL* mechanism is present in
*sasl-authentication-factory*, but if *realm-mapper* is defined here, it is ignored
(because SSL authentication finishes before any SASL is initiated):
{code:xml}
<sasl-authentication-factory name="client-cert-digest"
                             sasl-server-factory="configured"
                             security-domain="client-cert-domain">
    <mechanism-configuration>
        <mechanism mechanism-name="EXTERNAL"
                   realm-mapper="key-store-realm"/>
    </mechanism-configuration>
</sasl-authentication-factory>
{code}
Adding a way to pass *realm-mapper* into SSL authentication should be considered -
maybe add a *realm-mapper* attribute to the *server-ssl-context* definition?
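Since the *realm-mapper* on an EXTERNAL or CLIENT_CERT mechanism is silently ignored, a configuration lint that flags such entries helps catch the misleading setup described above. This is an added example, not code from WildFly or from the issue; the subsystem fragment is constructed for the demo (modelled on the factory quoted above) and the namespace version is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample Elytron subsystem fragment (not taken from a real server config).
SAMPLE_CONFIG = """<subsystem xmlns="urn:wildfly:elytron:1.2">
  <sasl>
    <sasl-authentication-factory name="client-cert-digest"
                                 sasl-server-factory="configured"
                                 security-domain="client-cert-domain">
      <mechanism-configuration>
        <mechanism mechanism-name="EXTERNAL" realm-mapper="key-store-realm"/>
        <mechanism mechanism-name="DIGEST-MD5" realm-mapper="properties-realm-mapper"/>
      </mechanism-configuration>
    </sasl-authentication-factory>
  </sasl>
  <http>
    <http-authentication-factory name="web" http-server-mechanism-factory="global"
                                 security-domain="client-cert-domain">
      <mechanism-configuration>
        <mechanism mechanism-name="CLIENT_CERT" realm-mapper="key-store-realm"/>
      </mechanism-configuration>
    </http-authentication-factory>
  </http>
</subsystem>
"""

# Mechanisms whose identity is established by the TrustManager during the TLS
# handshake, i.e. before any SASL/HTTP mechanism (and its realm-mapper) runs.
CERT_MECHANISMS = {"EXTERNAL", "CLIENT_CERT"}
FACTORY_TAGS = {"sasl-authentication-factory", "http-authentication-factory"}


def _local(tag):
    """Strip the XML namespace so the check works for any subsystem version."""
    return tag.rsplit("}", 1)[-1]


def find_ignored_realm_mappers(xml_text):
    """Return (factory name, mechanism name, realm-mapper) for every certificate-based
    mechanism that carries a realm-mapper, which the server will not apply."""
    root = ET.fromstring(xml_text)
    findings = []
    for factory in root.iter():
        if _local(factory.tag) not in FACTORY_TAGS:
            continue
        for mech in factory.iter():
            if _local(mech.tag) != "mechanism":
                continue
            name, mapper = mech.get("mechanism-name"), mech.get("realm-mapper")
            if name in CERT_MECHANISMS and mapper:
                findings.append((factory.get("name"), name, mapper))
    return findings
```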