Elytron AuthenticationConfiguration uses SASL mechanism from incorrect security Provider in some cases ------------------------------------------------------------------------------------------------------ Key: ELY-1203 URL: https://issues.jboss.org/browse/ELY-1203 Project: WildFly Elytron Issue Type: Bug Components: Authentication Client Reporter: Josef Cacek Assignee: Darran Lofthouse Priority: Blocker Fix For: 1.1.0.Beta48 In our tests for PLAIN SASL mechanism in the AS testsuite we realized a wrong SaslClient implementation is used. Instead of the Elytron one, the JDK provided one is used ({{com.sun.security.sasl.PlainClient}}). The Elytron client builds the AuthenticationContext and runs executed code in this way: {code:java} AuthenticationConfiguration authnCfg = AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN) .useName(USERNAME).usePassword("wrongPassword") .useProviders(() -> new Provider[] { new WildFlyElytronProvider() }); AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...) {code} It seems to be related to what's included on classpath. When we use the same code in [elytron-client-demo|https://github.com/jboss-security-qe/elytron-client-demo] the correct mechanism is used.