]
Farah Juma reassigned ELY-178:
------------------------------
Assignee: Farah Juma (was: Darran Lofthouse)
Domain to domain identity propagation
-------------------------------------
Key: ELY-178
URL:
https://issues.jboss.org/browse/ELY-178
Project: WildFly Elytron
Issue Type: Feature Request
Components: Realms
Reporter: Darran Lofthouse
Assignee: Farah Juma
Fix For: 1.1.0.CR1
At the lowest level a users identity is associated with a single SecurityRealm, two
accounts that authenticated against different realms will never be considered equal.
However on top of this we have the security domains, a security domain amongst other
things is an aggregation of realms. Incoming server connections and also applications can
be associated with a security domain. However we still have the following two scenarios
of a call to complete the consideration for: -
Connection -> Deployment
Deployment -> Deployment
In the first case the connection may be associated with a security domain with a large
set of realms, however the deployment may be associated with a smaller set of realms. In
the case that the realm is in both of these domains we need the identity to be able to
automatically propagate.
Same for deployment to deployment calls, if there is a common realm the identity should
propagate.