SSO Integration for Programmatic Authentication ----------------------------------------------- Key: WFLY-9702 URL: https://issues.jboss.org/browse/WFLY-9702 Project: WildFly Issue Type: Feature Request Components: Clustering, Security, Web (Undertow) Reporter: Darran Lofthouse Priority: Critical At the moment the SSO integration only fully covers authentication mechanisms as they can be wrapped, we need to revisit for programmatic authentication. In this scenario we don't have either a wrapped mechanism or a CallbackHandler. Couple of options: * Can we get away with pushing in some form of IdentityCache factory the mechs can obtain from the request? This may miss the additional notifications the SSO impl depends on. * Can we also better support listening for the notifications without the need for wrappers? This could cover both mechs and programmatic authentication? * Instead do we make the programmatic authenticator pluggable, i.e. push in an SSO aware impl, it can choose how to handle it's own caching and also doesn't need the notifications as it is in control of that stage of the process.