From a naive point of view, the "identity" case seemed particularly troublesome, as standard identity stores are things like LDAP servers or databases which typically are 1) remote and 2) may have a very great number of entries. While a credential-store seems more likely to at least be on the local system, perhaps with the contents in memory anyway and the number of aliases not in the thousands. But that "seems more likely" is what I mean by a naive point of view.

Elytron modifiable realms should show existing identities in subsystem ---------------------------------------------------------------------- Key: WFCORE-2691 URL: https://issues.jboss.org/browse/WFCORE-2691 Project: WildFly Core Issue Type: Bug Components: Security Affects Versions: 3.0.0.Beta15 Reporter: Jan Kalina Assignee: Jan Kalina Priority: Blocker Labels: filesystem-realm, security-realm Elytron {{filesystem-realm}} should load existing identities from file system. The steps to reproduce results in: {noformat} [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:read-identity { "outcome" => "failed", "failure-description" => "WFLYCTL0216: Management resource '[ (\"subsystem\" => \"elytron\"), (\"filesystem-realm\" => \"realm\"), (\"identity\" => \"user\") ]' not found", "rolled-back" => true } [standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=realm/identity=user:add { "outcome" => "failed", "failure-description" => "WFLYELY01000: Identity with name [user] already exists.", "rolled-back" => true } {noformat}