Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-14693

[GSS] (7.2.z) Provide Elytron alternative to RoleMappingLoginModule

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Deferred
    • Affects Version/s: 7.1.2.GA
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      In picketbox there is RoleMappingLoginModule [1], which takes role as returned from authorization process and maps to different role. I thought something similar should be configurable with some of Elytron role-mappers. But looking into model/code, it is not obvious to me which of them can be used. I know custom role mapper can be still used, but I wonder if we really do not provide this common funcionality out of the box with Elytron.

      Another workaround is to use direct roles from realm (e.g. LDAP ) in target (e.g. web.xml). But seems users tend to map IDM Roles to applicaiton roles.

      [1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/login_module_reference/#rolemapping_login_module

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ivassile Ilia Vassilev
                  Reporter:
                  dehort Derek Horton
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: