[jboss-jira] [JBoss JIRA] (WFCORE-3767) Ability to configure each aggregated realm separately
Martin Švehla (JIRA)
issues at jboss.org
Thu Apr 26 06:50:00 EDT 2018
[ https://issues.jboss.org/browse/WFCORE-3767?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13567518#comment-13567518 ]
Martin Švehla commented on WFCORE-3767:
---------------------------------------
[~dlofthouse] from our point of view it should be RFE. Our criteria isn't size of the feature as much as if/how it is visible to users. If it influences configuration, it should be RFE. Besides QE, the docs team will have to get involved too to document the changes in the subsystem.
I suggest transforming PRODMGT-1865 (the one that [~mchoma] mentioned) to EAP7 RFE and do this jira as part of this new RFE.
If the feature is small, we don't need to do overly complicated analysis/test plan documents and it still can be processed fast ;)
[~kabirkhan] any objections?
> Ability to configure each aggregated realm separately
> -----------------------------------------------------
>
> Key: WFCORE-3767
> URL: https://issues.jboss.org/browse/WFCORE-3767
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Reporter: Jean-Francois Denise
> Assignee: Darran Lofthouse
> Attachments: conf-extract
>
>
> The use-case is EXTERNAL + role derived from mgmt-groups.properties. To achieve this use-case a realm aggregate is needed. Each aggregated realm can't be configured with its own principal-transformer. So each realm is impacted by the transformer set on the aggregation.
> Allowing to configure each realm separately would offer the flexibility to isolate principal transformation for authorisation and not impact authentication.
> Authentication impact is quite important, an alias in the trust-store and the decoded principal must match exactly. Something that shouldn't be made mandatory in this case.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list