[jboss-jira] [JBoss JIRA] (WFCORE-3767) Ability to configure each aggregated realm separately
Jean-Francois Denise (JIRA)
issues at jboss.org
Thu Apr 26 03:39:00 EDT 2018
Jean-Francois Denise created WFCORE-3767:
--------------------------------------------
Summary: Ability to configure each aggregated realm separately
Key: WFCORE-3767
URL: https://issues.jboss.org/browse/WFCORE-3767
Project: WildFly Core
Issue Type: Enhancement
Components: Security
Reporter: Jean-Francois Denise
Assignee: Darran Lofthouse
The use-case is EXTERNAL + role derived from mgmt-groups.properties. To achieve this use-case a realm aggregate is needed. Each aggregated realm can't be configured with its own principal-transformer. So each realm is impacted by the transformer set on the aggregation.
Allowing to configure each realm separately would offer the flexibility to isolate principal transformation for authorisation and not impact authentication.
Authentication impact is quite important, an alias in the trust-store and the decoded principal must match exactly. Something that shouldn't be made mandatory in this case.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list