Loading...

XML

Word

Printable

Type: Feature Request
Resolution: Done
Priority: Blocker
Fix Version/s: 28.0.0.Beta1, 28.0.0.Final
Affects Version/s: None
Component/s: Security
Labels:
None

Git Pull Request:
https://github.com/wildfly/wildfly/pull/16552
[QE] How to address?:
---
[QE] Why QE missed?:
---

Previously, with the Keycloak OIDC adapter, it was possible to propagate an identity from a WAR to an EJB when the WAR and EJB were packaged in an EAR. This was done by configuring Undertow and EJB to use the KeycloakDomain.

With the elytron-oidc-client subsystem, we now use a virtual security domain. With this approach, the identity can be successfully propagated from the web layer to the EJB layer when the EJB is contained in the same WAR. However, if the EJB is located outside the WAR and packaged in an EAR then the identity won't be propagated as described in this example.

More details can also be found in the comments in ~~WFCORE-5178~~.

A related problem was also mention on the user forum about identity propagation across EARs.

is cloned by

WFCORE-6190 Support for identity propagation from a WAR to an EJB in an EAR when using OIDC

Closed

is depended on by

WFLY-17312 Allow configuration of role claims for OpenID Connect

Open

WFLY-17333 Allow Wildfly OIDC to be part of Elytron security domain / realms

Open

is related to

WFLY-17781 Ensure a virtual SecurityDomain is created if necessary when an EJB references a virtual security domain

Closed

WFLY-17784 Add a test case that makes use of a virtual-security-domain with MP-JWT

Closed

WFLY-17785 Fix intermittent failures in OidcIdentityPropagationTestCase

Closed

(1 is related to)

Assignee:: Farah Juma

Reporter:: Farah Juma

Votes:: 12 Vote for this issue

Watchers:: 17 Start watching this issue

Created:: 2022/08/11 8:32 PM

Updated:: 2023/07/31 6:49 PM

Resolved:: 2023/03/29 8:14 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates