  1. WildFly
  2. WFLY-16494

OIDC authentication is not propagated to EJB layer: sessioncontext.getCallerPrincipal() returns Anonymous for OIDC authenticated user


    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Major
    • None
    • 26.1.1.Final
    • EJB, Security
    • None
    • Steps to Reproduce:

      Deployed application with openid-connect/OIDC authentication of Keycloak following http://www.mastertheboss.com/jbossas/jboss-security/secure-wildfly-applications-with-openid-connect/

       

      Create a @Stateless class with:

          @Resource
          private SessionContext sessionContext;

      ...

      sessionContext.getCallerPrincipal().getClass() returns 

      org.wildfly.security.auth.principal.AnonymousPrincipal

       


      After login to Wildfly v26 with OIDC connector I get org.wildfly.security.http.oidc.OidcSecurityContext as http request attribute and I can see an authenticated user name and the roles.

      However EJB sees it as anonymous user:  When I inject @Resource SessionContext in Stateless bean, sessionContext.getCallerPrincipal() is returned as org.wildfly.security.auth.principal.AnonymousPrincipal. Keycloak adapter used to return a KeycloakPrincipal with full info.

      Any other configuration needed to propagate security to EJB level?

        1. screenshot-1.png (12 kB)
        2. simple-webapp-oidc.zip (7 kB)
        3. standalone-full-ha.xml (41 kB)

            fjuma1@redhat.com Farah Juma
            andrius.karpavicius Andrius Karpavicius (Inactive)