Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-3767

Ability to configure each aggregated realm separately

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Duplicate
    • Major
    • None
    • None
    • Security
    • None

    Description

      The use-case is EXTERNAL + role derived from mgmt-groups.properties. To achieve this use-case a realm aggregate is needed. Each aggregated realm can't be configured with its own principal-transformer. So each realm is impacted by the transformer set on the aggregation.
      Allowing to configure each realm separately would offer the flexibility to isolate principal transformation for authorisation and not impact authentication.

      Authentication impact is quite important, an alias in the trust-store and the decoded principal must match exactly. Something that shouldn't be made mandatory in this case.

      Attachments

        Issue Links

          duplicates

          Feature Request - Feature requests from customers and/or users WFCORE-4496 Need to use principal-transformer in aggregate-realm in between authentication-realm and authorization-realm

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              jdenise@redhat.com Jean Francois Denise
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: