I know this has already been asked and the documentation of keycloak also has a short
entry on this topic:
"To propagate the security context to the EJB tier you need to configure it to use
the "keycloak" security domain. This can be achieved with the @SecurityDomain
which is exactly what I did with all my EJBs. I even made my own quickstart/testproject,
since I am trying to secure an EAR-Deployment with EJBs on Wildfly 10 and I just cannot
get Keycloak SAML to work properly. I also annotated these beans with @PermitAll.
I am using the wildfly-saml-adapter to authenticate against an external IdP and I have
been debugging the adapter to figure out what is happening.
I can see that in
the SubjectInfo is created and the Principal is propagated to
I configured my war in my ear to have a jboss-web.xml which points to "keycloak"
security-domain, but it does not make any difference.
I am trying to invoke EJBContext.getCallerPrincipal() in my stateless EJB which always
returns a SimplePrincipal with name anonymous. This is only true for my real application.
Everything is working as expected in my test application, since I inject the Beans
directly in a Servlet Endpoint.
On my real application they are looked up by a jndi lookup on code I have in jar
deployments too. Can you please point me to any other ideas on what else I can try to get
Thank you in advance,
Show replies by date