Loading...

XML

Word

Printable

Details

Type: Feature Request
Resolution: Done
Priority: Major
Fix Version/s: 1.1.0.Beta9
Affects Version/s: None
Component/s: Realms
Labels:
None

Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/396, https://github.com/wildfly-security/wildfly-elytron/pull/400, https://github.com/wildfly-security/wildfly-elytron/pull/409

Description

At the lowest level a users identity is associated with a single SecurityRealm, two accounts that authenticated against different realms will never be considered equal.

However on top of this we have the security domains, a security domain amongst other things is an aggregation of realms. Incoming server connections and also applications can be associated with a security domain. However we still have the following two scenarios of a call to complete the consideration for: -

Connection -> Deployment
Deployment -> Deployment

In the first case the connection may be associated with a security domain with a large set of realms, however the deployment may be associated with a smaller set of realms. In the case that the realm is in both of these domains we need the identity to be able to automatically propagate.

Same for deployment to deployment calls, if there is a common realm the identity should propagate.

Attachments

Issue Links

relates to

ELY-503 Add a PeerIdentitiesAssignedState to the ServerAuthenticationContext state machine

Resolved

Activity

People

Assignee:: Farah Juma

Reporter:: Darran Lofthouse

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2015/04/17 8:27 AM

Updated:: 2016/09/02 10:29 AM

Resolved:: 2016/09/02 10:29 AM