[
https://issues.redhat.com/browse/WFCORE-4485?page=com.atlassian.jira.plug...
]
Carl Walker commented on WFCORE-4485:
-------------------------------------
I have two use cases. In both cases, authentication and authorization info is kept in
multiple places. (This isn't the "authenticate here / authorize there"
scenario supported with aggregate.)
1) End users and admins credentials are located in different datastores (tables) but
access the same resources. End users hit the first query. If that passes, they're
authenticated and authorized. Admins fail on the first query, but succeed on the second.
Business logic keeps the usernames unique across both stores.
2) Customer-maintained Active Directory and RDBMS-oriented "system accounts".
Authentication is done against Active Directory for end users who have an identity in the
enterprise system. System accounts will fail the AD check but will be picked up in a
second RDBMS module.
Support for multiple security realms - Distributed Identities
-------------------------------------------------------------
Key: WFCORE-4485
URL:
https://issues.redhat.com/browse/WFCORE-4485
Project: WildFly Core
Issue Type: Feature Request
Components: Security
Reporter: Farah Juma
Priority: Major
Labels: CD17-Deferred, EAP-CD19, Previous_RFE
Fix For: 11.0.0.Beta8
By stacking LoginModules it was possible using PicketBox to attempt to authenticate using
one remote store and if that failed try the next store in the list.
This RFE is to consider the use case where identities could be located across multiple
stores and how they are aggregated together.
Additionally this use case should consider how the authorization information could be
loaded from multiple sources and merged.
This RFE is not about fail over in the event of a realm being unavailable although it may
be related.
This RFE is created as a result of comparing the differences between the PicketBox JAAS
architecture and the Elytron architecture so I would not recommend this proceeds without
some real world use cases identified.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)