  1. JBoss Enterprise Application Platform
  2. JBEAP-22952

(7.4.z) ELY-2234 - Allow merge of resource & realm roles on OIDC Client


Details

    Description

      The current wildfly-elytron-http-oidc uses the configuration key "use-resource-role-mappings" to decide whether resource roles should be added to the principal entity here: https://github.com/wildfly-security/wildfly-elytron/blob/55b54b5b79472d3c3624f5c366373fd2606230fa/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityRealm.java#L106

      The problem is that this configuration uses resource OR realm roles only. So this should be changed to map resource AND realm roles.

      The key "use-resource-role-mappings" should be interpreted as "Use resource roles?", but it is actually interpreted as "Use resource roles rather than realm roles?", so it's ambiguous.

      Also, there is no key to use both roles, so another option could be to add more keys for users to choose from.

      This behavior is inherited from the Keycloak Adapter, but with the Keycloak Adapter we can build a custom adapter; this will not be possible with the WildFly Elytron implementation.
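
An added illustration of the either/or selection described above next to the requested merge (not part of the issue and not Elytron's code). It assumes Keycloak's access-token layout, `realm_access.roles` and `resource_access.<client-id>.roles`; the class and method names, the client id "orders-app" and the role names are hypothetical.

```java
import java.util.*;

// Added illustration (Java 9+); not Elytron's OidcSecurityRealm code.
public class RoleMappingDemo {

    // Walk nested token claims along `path` and return the role list found there, or an empty set.
    @SuppressWarnings("unchecked")
    static Set<String> rolesAt(Map<String, Object> claims, String... path) {
        Object node = claims;
        for (String key : path) {
            if (!(node instanceof Map)) return Set.of();
            node = ((Map<String, Object>) node).get(key);
        }
        Set<String> roles = new TreeSet<>();
        if (node instanceof Collection) {
            for (Object r : (Collection<?>) node) roles.add(String.valueOf(r));
        }
        return roles;
    }

    // Behaviour described in the issue: the flag picks one source and drops the other.
    static Set<String> eitherOr(Map<String, Object> claims, String clientId, boolean useResourceRoleMappings) {
        return useResourceRoleMappings
                ? rolesAt(claims, "resource_access", clientId, "roles")
                : rolesAt(claims, "realm_access", "roles");
    }

    // Behaviour requested in the issue: realm roles plus this client's resource roles.
    static Set<String> merged(Map<String, Object> claims, String clientId) {
        Set<String> all = new TreeSet<>(rolesAt(claims, "realm_access", "roles"));
        all.addAll(rolesAt(claims, "resource_access", clientId, "roles"));
        return all;
    }

    public static void main(String[] args) {
        // Constructed claims; the merge reads only the configured client's entry, not "other-app".
        Map<String, Object> claims = Map.of(
            "realm_access", Map.of("roles", List.of("auditor")),
            "resource_access", Map.of(
                "orders-app", Map.of("roles", List.of("order-editor")),
                "other-app", Map.of("roles", List.of("other-admin"))));

        System.out.println("flag=true  -> " + eitherOr(claims, "orders-app", true));
        System.out.println("flag=false -> " + eitherOr(claims, "orders-app", false));
        System.out.println("merged     -> " + merged(claims, "orders-app"));
    }
}
```

With the flag set, a deployment constraint on the realm role "auditor" no longer matches this user; with it unset, a constraint on "order-editor" does not match. Merging widens the role set seen by the application, so existing constraints should be reviewed for role names that exist at both levels.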


            People

              rhn-support-ivassile Ilia Vassilev
              ceweiler Claudio Weiler