Jan Kalina moved JBEAP-11284 to ELY-1217:
-----------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1217 (was: JBEAP-11284)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: SSL
(was: Security)
Affects Version/s: 1.1.0.Beta48
(was: 7.1.0.DR19)
Unable to define realm-mapping for TrustManager based auth
----------------------------------------------------------
Key: ELY-1217
URL: https://issues.jboss.org/browse/ELY-1217
Project: WildFly Elytron
Issue Type: Bug
Components: SSL
Affects Versions: 1.1.0.Beta48
Reporter: Jan Kalina
Assignee: Jan Kalina
Priority: Blocker
For SASL and HTTP mechanisms it is possible to define a *realm-mapping* as part of the
**-authentication-factory*. But this cannot be used for the EXTERNAL/CLIENT_CERT mechanism,
because the *ServerAuthenticationContext* is not constructed by the mechanism but by
*SecurityDomainTrustManager*, without any relation to an **-authentication-factory*.
It can be misleading for the user that the *EXTERNAL* mechanism is present in the
*sasl-authentication-factory*, but if a *realm-mapper* is defined there, it is ignored
(because SSL authentication finishes before any SASL exchange is initiated):
{code:xml}
<sasl-authentication-factory name="client-cert-digest"
                             sasl-server-factory="configured"
                             security-domain="client-cert-domain">
    <mechanism-configuration>
        <mechanism mechanism-name="EXTERNAL"
                   realm-mapper="key-store-realm"/>
    </mechanism-configuration>
</sasl-authentication-factory>
{code}
A way to pass the *realm-mapper* into SSL authentication should be considered;
maybe add a *realm-mapper* attribute to the *server-ssl-context* definition?