[jboss-jira] [JBoss JIRA] (WFCORE-3767) Ability to configure each aggregated realm separately
Jean-Francois Denise (JIRA)
issues at jboss.org
Thu Apr 26 05:31:01 EDT 2018
[ https://issues.jboss.org/browse/WFCORE-3767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13567455#comment-13567455 ]
Jean-Francois Denise commented on WFCORE-3767:
----------------------------------------------
I just attached a cone extract with what I am doing and what I would like to do.
> Ability to configure each aggregated realm separately
> -----------------------------------------------------
>
> Key: WFCORE-3767
> URL: https://issues.jboss.org/browse/WFCORE-3767
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Reporter: Jean-Francois Denise
> Assignee: Darran Lofthouse
> Attachments: conf-extract
>
>
> The use-case is EXTERNAL + role derived from mgmt-groups.properties. To achieve this use-case a realm aggregate is needed. Each aggregated realm can't be configured with its own principal-transformer. So each realm is impacted by the transformer set on the aggregation.
> Allowing to configure each realm separately would offer the flexibility to isolate principal transformation for authorisation and not impact authentication.
> Authentication impact is quite important, an alias in the trust-store and the decoded principal must match exactly. Something that shouldn't be made mandatory in this case.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list