-
Task
-
Resolution: Done
-
Major
-
None
-
None
As we migrate to WildFly Elytron the realm attribute in role mapping is no longer relevant and has no meaning in the pure Elytron case and so should be deprecated.
It was originally added so each management interface could be associated with a different security realm and then roles assigned based on which realm was used for authentication.
WildFly Elytron solves this in a different way by allowing different security domains to be used for the management interfaces and then a third domain can optionally be used for the identity to inflow to - this inflowing allows for the role mapping to be re-applied so there is no longer a need for realm specific mappings in the RBAC mappings (which are also now optional).