[ https://issues.jboss.org/browse/ELY-628?page=com.atlassian.jira.plugin.sy... ] Pedro Igor commented on ELY-628: -------------------------------- In some situations, a JWT-based token realm can be used to only extract identities from tokens without performing validations such as issuer, audience or signatures. For instance, when the mechanism already provides the same validations (or custom validations) supported by the realm. A driven use case for this issue is Keycloak integration, where Keycloak adapter code (authentication mechanisms) already provides all the necessary checks for JWTs. In this case, the realm is just used to build identities and to trust token evidences passed from the mechanism. -- This message was sent by Atlassian JIRA (v6.4.11#64026)