[jboss-jira] [JBoss JIRA] (ELY-869) Elytron security realms cannot be used only for authorization

Jan Kalina (JIRA) issues at jboss.org
Fri Jan 13 05:09:00 EST 2017


     [ https://issues.jboss.org/browse/ELY-869?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Kalina reopened ELY-869:
----------------------------


> Elytron security realms cannot be used only for authorization
> -------------------------------------------------------------
>
>                 Key: ELY-869
>                 URL: https://issues.jboss.org/browse/ELY-869
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Realms
>    Affects Versions: 1.1.0.Beta18
>            Reporter: Ondrej Lukas
>            Assignee: Jan Kalina
>            Priority: Blocker
>         Attachments: print-roles.war
>
>
> Scenario: I try to configure the application server for a scenario where different identity stores are used for authentication and authorization (e.g. username/password are stored in LDAP and roles are assigned from a database).
> When authentication and authorization are handled by different security realms in Elytron (i.e. an aggregate realm is used), authorization works only when the identity store for the realm used for authorization includes the username also for authentication. See Steps to Reproduce for more details.
> We request blocker since using different identity stores for authentication and authorization is a common scenario which should be provided by Elytron. Even our documentation explicitly mentioned that scenario [1]:
> "Consider the case where users are managed in a central LDAP server and application-specific roles are stored in the application’s relational database."
> I tried this scenario with Properties and Filesystem Realms for authentication and Properties and LDAP Realms for authorization.
> [1] https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/security-architecture/


