Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-2468

Update getRealmIdentity so that it attempts to convert the given Principal to NamePrincipal if necessary

    XMLWordPrintable

Details

    Description

      The RH-SSO OIDC adapter makes use of the KeycloakSecurityRealm once an identity has been successfully established using OIDC. This security realm uses a KeycloakPrincipal to represent a realm identity principal.

      Elytron's security realm implementations require a realm identity principal to be a NamePrincipal (as shown in a realm here). When trying to outflow an identity from the KeycloakDomain to an Elytron security domain, we run into a problem because the principal that we're trying to outflow is a KeycloakPrincipal instead of a NamePrincipal. Thus, the outflow step fails since the target realm's getRealmIdentity method will just return a NON_EXISTENT identity. 

      The getRealmIdentity method in Elytron security realm implementations should be updated so that if the given Principal isn't an instance of NamePrincipal, we try to convert it to a NamePrincipal if possible.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-24521 Update getRealmIdentity so that it attempts to convert the given Principal to NamePrincipal if necessary

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is depended on by

          Bug - A problem that impairs or prevents the functions of the product. WFLY-17541 EESecurityAnnotationProcessor does not detect injections

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-24106 [GSS](7.4.z) ELY-2468 - Security context propagation across deployments when using the RH-SSO OIDC adapter with EAP 7.4

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              fjuma1@redhat.com Farah Juma
              fjuma1@redhat.com Farah Juma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: