Ondrej Lukas updated WFCORE-2503:
---------------------------------
Attachment: print-roles.war
Legacy security domain used as Elytron security realm does not work
in authorization part of aggregate-realm
------------------------------------------------------------------------------------------------------------
Key: WFCORE-2503
URL: https://issues.jboss.org/browse/WFCORE-2503
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
Attachments: print-roles.war
When a legacy security domain is used as an Elytron security realm and is added as the
authorization realm of an aggregate-realm, no roles are assigned to the authenticated user.
I tried to use the following legacy security domain:
{code}
<security-domain name="legacyDomain" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="/tmp/users.properties"/>
            <module-option name="rolesProperties" value="/tmp/roles.properties"/>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="SimpleRoles" type="role">
            <module-option name="admin" value="User"/>
        </mapping-module>
    </mapping>
</security-domain>
{code}
Roles should be assigned from the mapping. Since there seems to be no documentation
related to this topic, I am not sure whether roles should also be assigned from
rolesProperties of the UsersRoles login module - this needs to be clarified by the developers.
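
The realm wiring this report describes, shown as an added configuration example that is not part of the original issue or of the WildFly project's own files. The names legacyRealm, authnRealm and aggRealm and the path /tmp/authn-users.properties are assumptions; the report does not say which realm was used for authentication, so a properties-realm stands in for it here.

```xml
<!-- Legacy security subsystem: export the JAAS security domain from the
     report ("legacyDomain") as an Elytron security realm.
     "legacyRealm" is a hypothetical name chosen for this example. -->
<elytron-integration>
    <security-realms>
        <elytron-realm name="legacyRealm" legacy-jaas-config="legacyDomain"/>
    </security-realms>
</elytron-integration>

<!-- Elytron subsystem: the aggregate-realm takes credentials from one realm
     and identity attributes (roles) from another. Here the exported legacy
     realm is the authorization side, which is the case the report says
     yields no roles for the authenticated user. -->
<security-realms>
    <!-- Assumption: any realm that can verify the user's credentials.
         The properties file path is a constructed placeholder. -->
    <properties-realm name="authnRealm">
        <users-properties path="/tmp/authn-users.properties"/>
    </properties-realm>

    <aggregate-realm name="aggRealm"
                     authentication-realm="authnRealm"
                     authorization-realm="legacyRealm"/>
</security-realms>
```

To check the behaviour, secure an application with an Elytron security domain whose default realm is aggRealm and compare the roles seen for a user with the roles seen when legacyRealm is used directly as the only realm.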