]
Jean-Francois Denise commented on WFCORE-3767:
----------------------------------------------
I just attached a cone extract with what I am doing and what I would like to do.
Ability to configure each aggregated realm separately
-----------------------------------------------------
Key: WFCORE-3767
URL:
https://issues.jboss.org/browse/WFCORE-3767
Project: WildFly Core
Issue Type: Enhancement
Components: Security
Reporter: Jean-Francois Denise
Assignee: Darran Lofthouse
Attachments: conf-extract
The use-case is EXTERNAL + role derived from mgmt-groups.properties. To achieve this
use-case a realm aggregate is needed. Each aggregated realm can't be configured with
its own principal-transformer. So each realm is impacted by the transformer set on the
aggregation.
Allowing to configure each realm separately would offer the flexibility to isolate
principal transformation for authorisation and not impact authentication.
Authentication impact is quite important, an alias in the trust-store and the decoded
principal must match exactly. Something that shouldn't be made mandatory in this case.