Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11108

Elytron migration: single security domain per deployment

    XMLWordPrintable

Details

    Description

      With Elytron security, deployments are limited to using one security domain per deployment. There should be documentation showing how to aggregate multiple identity store into common authentication policy in one Elytron security domain.
      As previously this was not the case, the following scenarios should be documented as the bare minimum:

      • Aggregate previously used PicketBox security realms backed by different security providers into single common authentication policy represented by Elytron security domain. The most common scenarios include (but are not limited to):
        • LDAP with failover to DB/properties file,
        • two LDAP servers,
        • Kerberos with fallback to different authentication method if the authentication fails.
      • Migrating deployments using servlets and beans with different security domains.
      • Migrating deployments using multiple beans with different security domains.
      • Describe principal and role propagation (for example in EJBs) between security domains and deployments and the behaviour differences from legacy security.

      Attachments

        Issue Links

          blocks

          Requirement - Used for conducting internal reviews of our products and process with 3rd party auditors JBEAP-7197 [7.1] Migration - Provide EAP 7.0 and EAP 7.1 Compatibility for security subsystem

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is caused by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9289 EJB deployments with multiple Elytron application security domains cannot be deployed

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10980 @RunAs role authorization does not propagate across deployments backed by different Elytron security domains

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11536 [Doc RFE] '@RunAs' role authorization does not propagate across deployments backed by different Elytron security domains

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              rhn-support-ahoffer Andrea Hoffer
              mjurc@redhat.com Michal Jurc
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: