WildFly Elytron / ELY-2468

Update getRealmIdentity so that it attempts to convert the given Principal to NamePrincipal if necessary


The RH-SSO OIDC adapter makes use of the KeycloakSecurityRealm once an identity has been successfully established using OIDC. This security realm uses a KeycloakPrincipal to represent a realm identity principal.

Elytron's security realm implementations require a realm identity principal to be a NamePrincipal (as shown in a realm here). When trying to outflow an identity from the KeycloakDomain to an Elytron security domain, we run into a problem because the principal that we're trying to outflow is a KeycloakPrincipal instead of a NamePrincipal. Thus, the outflow step fails since the target realm's getRealmIdentity method will just return a NON_EXISTENT identity.

The getRealmIdentity method in Elytron security realm implementations should be updated so that if the given Principal isn't an instance of NamePrincipal, we try to convert it to a NamePrincipal if possible.

            fjuma1@redhat.com Farah Juma
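The lookup behaviour described in this issue, as an added example that is not Elytron's code or the eventual fix. `NamePrincipal` and `TokenPrincipal` are minimal stand-ins (the latter plays the role of KeycloakPrincipal), the realm is a constructed map, and treating "has a non-empty name" as convertible is an assumption.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;

public class RealmIdentityLookupDemo {
    // Stand-in for Elytron's NamePrincipal (constructed for this example).
    static final class NamePrincipal implements Principal {
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Stand-in for an adapter-specific principal such as KeycloakPrincipal.
    static final class TokenPrincipal implements Principal {
        private final String name;
        TokenPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    static final String NON_EXISTENT = "NON_EXISTENT";
    // Constructed sample data: identities the target realm knows, keyed by name.
    static final Map<String, String> TARGET_REALM = new HashMap<>(Map.of("alice", "roles=admin"));

    // Behaviour the issue describes: anything that is not a NamePrincipal is rejected.
    static String lookupStrict(Principal p) {
        if (!(p instanceof NamePrincipal)) return NON_EXISTENT;
        return TARGET_REALM.getOrDefault(p.getName(), NON_EXISTENT);
    }

    // Assumption: a principal is convertible when it carries a non-empty name.
    static NamePrincipal toNamePrincipal(Principal p) {
        if (p == null || p.getName() == null || p.getName().isEmpty()) return null;
        return p instanceof NamePrincipal ? (NamePrincipal) p : new NamePrincipal(p.getName());
    }

    // Proposed behaviour: convert first, then resolve the name in the target realm,
    // so conversion alone never creates an identity the realm does not hold.
    static String lookupConverting(Principal p) {
        NamePrincipal np = toNamePrincipal(p);
        return np == null ? NON_EXISTENT : TARGET_REALM.getOrDefault(np.getName(), NON_EXISTENT);
    }

    public static void main(String[] args) {
        System.out.println(lookupStrict(new TokenPrincipal("alice")));
        System.out.println(lookupConverting(new TokenPrincipal("alice")));
        System.out.println(lookupConverting(new TokenPrincipal("mallory")));
        System.out.println(lookupConverting(new TokenPrincipal(null)));
    }
}
```

The last two calls cover the cases a converting lookup should keep rejecting: a name the target realm does not hold, and a principal with no usable name.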