Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-16793

Support for identity propagation from a WAR to an EJB in an EAR when using OIDC

    XMLWordPrintable

Details

    Description

      Previously, with the Keycloak OIDC adapter, it was possible to propagate an identity from a WAR to an EJB when the WAR and EJB were packaged in an EAR. This was done by configuring Undertow and EJB to use the KeycloakDomain. 

      With the elytron-oidc-client subsystem, we now use a virtual security domain. With this approach, the identity can be successfully propagated from the web layer to the EJB layer when the EJB is contained in the same WAR. However, if the EJB is located outside the WAR and packaged in an EAR then the identity won't be propagated as described in this example.

      More details can also be found in the comments in WFCORE-5178.

      A related problem was also mention on the user forum about identity propagation across EARs.
       

       

      Attachments

        Issue Links

          is cloned by

          Feature Request - Feature requests from customers and/or users WFCORE-6190 Support for identity propagation from a WAR to an EJB in an EAR when using OIDC

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is depended on by

          Feature Request - Feature requests from customers and/or users WFLY-17312 Allow configuration of role claims for OpenID Connect

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open

          Feature Request - Feature requests from customers and/or users WFLY-17333 Allow Wildfly OIDC to be part of Elytron security domain / realms

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open
          is related to

          Task - Represents a small unit of work that is not end-user facing. WFLY-17784 Add a test case that makes use of a virtual-security-domain with MP-JWT

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved

          Task - Represents a small unit of work that is not end-user facing. WFLY-17781 Ensure a virtual SecurityDomain is created if necessary when an EJB references a virtual security domain

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Task - Represents a small unit of work that is not end-user facing. WFLY-17785 Fix intermittent failures in OidcIdentityPropagationTestCase

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              fjuma1@redhat.com Farah Juma
              fjuma1@redhat.com Farah Juma
              Votes:
              12 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: