Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-6190

Support for identity propagation from a WAR to an EJB in an EAR when using OIDC


      Previously, with the Keycloak OIDC adapter, it was possible to propagate an identity from a WAR to an EJB when the WAR and EJB were packaged in an EAR. This was done by configuring Undertow and EJB to use the KeycloakDomain. 

      With the elytron-oidc-client subsystem, we now use a virtual security domain. With this approach, the identity can be successfully propagated from the web layer to the EJB layer when the EJB is contained in the same WAR. However, if the EJB is located outside the WAR and packaged in an EAR then the identity won't be propagated as described in this example.

      More details can also be found in the comments in WFCORE-5178.

      A related problem was also mention on the user forum about identity propagation across EARs.


            fjuma1@redhat.com Farah Juma
            fjuma1@redhat.com Farah Juma
            0 Vote for this issue
            3 Start watching this issue