SASL mechanism filtering in Elytron ExternalSasl* factories differs from Oracle one.

http://docs.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html

Oracle has EXTERNAL mechanism valid for policies:

• javax.security.sasl.policy.noplaintext
• javax.security.sasl.policy.noactive
• javax.security.sasl.policy.nodictionary

Elytron factories doesn't allow EXTERNAL mechanism for these filtering properties set to true.

rhn-support-dlofthouse If the changed filtering policy is intentional, please reject this issue.