[jboss-jira] [JBoss JIRA] (WFCORE-4485) Support for multiple security realms - Distributed Identities
Lumir Navrat (Jira)
issues at jboss.org
Thu Jun 13 04:26:00 EDT 2019
[ https://issues.jboss.org/browse/WFCORE-4485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13746194#comment-13746194 ]
Lumir Navrat commented on WFCORE-4485:
--------------------------------------
Our use case is this:
An Eclipse RCP remote thick client that connects to the WF server.
1. During connection to WF, the user inputs a username and password.
2. On the server there is now an Elytron intermediate configuration that passes it to JAAS, where our custom WinCoreLoginModule is configured with sufficient, and the standard JDBC server login module with sufficient too.
When the user isn't authenticated in WinCoreModule, then it is tried whether the user exists in the database. Our WinCoreModule allows authenticating the user against the Windows credential store located on the computer where the server is running. In the case when WF is installed on the same machine as the thick client => the client's computer.
I'm not sure if a realm mapper is usable in our use case, because the username is in the same format for both login modules.
> Support for multiple security realms - Distributed Identities
> -------------------------------------------------------------
>
> Key: WFCORE-4485
> URL: https://issues.jboss.org/browse/WFCORE-4485
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Reporter: Farah Juma
> Priority: Major
> Labels: CD17-Deferred, EAP-CD19, Previous_RFE
> Fix For: 11.0.0.Beta1
>
>
> By stacking LoginModules it was possible using PicketBox to attempt to authenticate using one remote store and if that failed try the next store in the list.
> This RFE is to consider the use case where identities could be located across multiple stores and how they are aggregated together.
> Additionally this use case should consider how the authorization information could be loaded from multiple sources and merged.
> This RFE is not about fail over in the event of a realm being unavailable although it may be related.
> This RFE is created as a result of comparing the differences between the PicketBox JAAS architecture and the Elytron architecture so I would not recommend this proceeds without some real world use cases identified.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
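The stacked-LoginModule behaviour discussed in this message, as an added example that is not part of the original comment or of WildFly/PicketBox code: two JAAS modules flagged `sufficient` are tried in order, and the one that accepts the user tags the Subject with its store name. `StoreLoginModule`, the store names, the user `alice` and the passwords are constructed for illustration; the real WinCoreLoginModule and JDBC module are assumed to behave like the first and second entries.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SufficientStackDemo {
    // Constructed stand-in for one identity store; its single account comes from the module options.
    public static class StoreLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private Map<String, ?> opts; private String who;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
            subject = s; handler = h; opts = o;
        }
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("user: ");
            PasswordCallback p = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { n, p }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            if (!(n.getName().equals(opts.get("user")) && new String(p.getPassword()).equals(opts.get("password"))))
                throw new FailedLoginException(opts.get("store") + " rejected " + n.getName());
            who = opts.get("store") + ":" + n.getName();   // remember which store accepted the user
            return true;
        }
        // commit() runs on every module in the stack, so only the one whose login() succeeded adds its marker.
        public boolean commit() { return who != null && subject.getPublicCredentials().add(who); }
        public boolean abort() { who = null; return true; }
        public boolean logout() { return true; }
    }
    static AppConfigurationEntry entry(String store, String user, String password) {
        Map<String, String> o = new HashMap<>();
        o.put("store", store); o.put("user", user); o.put("password", password);
        return new AppConfigurationEntry(StoreLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, o);
    }
    static String authenticate(String user, String password) {
        Configuration stack = new Configuration() {   // same user name in both stores, as in the comment
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    entry("windows", "alice", "win-secret"), entry("database", "alice", "db-secret") };
            }
        };
        CallbackHandler h = cbs -> { for (Callback c : cbs) {
            if (c instanceof NameCallback) ((NameCallback) c).setName(user);
            if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(password.toCharArray()); } };
        try {
            LoginContext lc = new LoginContext("demo", new Subject(), h, stack);
            lc.login();
            return lc.getSubject().getPublicCredentials().toString();
        } catch (LoginException e) { return "denied: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        for (String pw : new String[] { "win-secret", "db-secret", "wrong" })
            System.out.println(pw + " -> " + authenticate("alice", pw));
    }
}
```

Because both entries are `sufficient` and the user name has the same format in each store, the store tag on the Subject is the only thing that tells authorization code which store vouched for the name.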