  1. JBoss Enterprise Application Platform
  2. JBEAP-24106

[GSS](7.4.z) ELY-2468 - Security context propagation across deployments when using the RH-SSO OIDC adapter with EAP 7.4

Details

    Description

      The RH-SSO OIDC adapter makes use of the KeycloakSecurityRealm once an identity has been successfully established using OIDC. This security realm uses a KeycloakPrincipal to represent a realm identity principal.

      The problem occurs when attempting to outflow a security identity from the corresponding KeycloakDomain to another Elytron security domain. In particular, Elytron's security realm implementations require a realm identity principal to be a NamePrincipal (as shown in a realm here). Because the principal that we're trying to outflow is a KeycloakPrincipal instead of a NamePrincipal, the outflow step fails since the target realm's getRealmIdentity method will just return a NON_EXISTENT identity. This causes security context propagation across deployments to fail.

      Environment: JBoss EAP 7.4.x
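
The failure mode described above, modelled as an added example; this is not Elytron or RH-SSO adapter code and not the fix shipped for this issue. The classes below are simplified stand-ins that only borrow the names from the description, and `toNamePrincipal` is a hypothetical normalisation step.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Optional;

// Simplified stand-ins (assumptions) for the types named in the issue.
public class OutflowPrincipalDemo {

    record NamePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Stand-in for the adapter's principal: same name, different type.
    record KeycloakPrincipal(String name, String token) implements Principal {
        public String getName() { return name; }
    }

    // Target realm that, as the issue describes, only resolves a NamePrincipal.
    static final class TargetRealm {
        private final Map<String, String> identities = Map.of("alice", "roles=user");

        Optional<String> getRealmIdentity(Principal p) {
            if (!(p instanceof NamePrincipal)) {
                return Optional.empty();          // models NON_EXISTENT
            }
            return Optional.ofNullable(identities.get(p.getName()));
        }
    }

    // Hypothetical step: carry only the name across the domain boundary.
    // The name is only as trustworthy as the source domain that supplied it.
    static Principal toNamePrincipal(Principal p) {
        return p instanceof NamePrincipal ? p : new NamePrincipal(p.getName());
    }

    public static void main(String[] args) {
        TargetRealm realm = new TargetRealm();
        Principal fromOidc = new KeycloakPrincipal("alice", "constructed-token");

        // Outflow as reported: the type mismatch hides an identity that exists.
        System.out.println("raw principal found:        "
                + realm.getRealmIdentity(fromOidc).isPresent());
        // Same name in the expected type: the lookup succeeds.
        System.out.println("normalised principal found: "
                + realm.getRealmIdentity(toNamePrincipal(fromOidc)).isPresent());
        // A name the target realm does not hold still resolves to nothing.
        System.out.println("unknown principal found:    "
                + realm.getRealmIdentity(new NamePrincipal("mallory")).isPresent());
    }
}
```

The first lookup returns no identity even though `alice` exists in the target realm, which is the symptom reported here: the rejection is on principal type, not on the user.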

            People

              fjuma1@redhat.com Farah Juma
              rhn-support-saatmaku Santoshi saatmaku