[
https://issues.jboss.org/browse/WFCORE-3767?page=com.atlassian.jira.plugi...
]
Martin Švehla commented on WFCORE-3767:
---------------------------------------
[~dlofthouse] from our point of view it should be RFE. Our criteria isn't size of the
feature as much as if/how it is visible to users. If it influences configuration, it
should be RFE. Besides QE, the docs team will have to get involved too to document the
changes in the subsystem.
I suggest transforming PRODMGT-1865 (the one that [~mchoma] mentioned) to EAP7 RFE and do
this jira as part of this new RFE.
If the feature is small, we don't need to do overly complicated analysis/test plan
documents and it still can be processed fast ;)
[~kabirkhan] any objections?
Ability to configure each aggregated realm separately
-----------------------------------------------------
Key: WFCORE-3767
URL:
https://issues.jboss.org/browse/WFCORE-3767
Project: WildFly Core
Issue Type: Enhancement
Components: Security
Reporter: Jean-Francois Denise
Assignee: Darran Lofthouse
Attachments: conf-extract
The use-case is EXTERNAL + role derived from mgmt-groups.properties. To achieve this
use-case a realm aggregate is needed. Each aggregated realm can't be configured with
its own principal-transformer. So each realm is impacted by the transformer set on the
aggregation.
Allowing to configure each realm separately would offer the flexibility to isolate
principal transformation for authorisation and not impact authentication.
Authentication impact is quite important, an alias in the trust-store and the decoded
principal must match exactly. Something that shouldn't be made mandatory in this case.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)