  1. WildFly
  2. WFLY-17333

Allow WildFly OIDC to be part of Elytron security domain / realms


    • Feature Request
    • Resolution: Unresolved
    • Major
    • 27.0.0.Final
    • Security

      We are currently using Keycloak with WildFly 24 using the Keycloak Adapter. Our application consists of an EAR with embedded WARs, as well as an embedded EJB.

      There is a single Elytron security domain, and a number of Elytron security realms. Different WARs may use different security realms, achieved using realm-mappers on the http-authentication-factory (multiple factories).

      Using the KeycloakSecurityRealm from the adapter allows us to integrate this into the existing Elytron configuration.  

      This is important as we currently use an aggregate realm to add additional roles that are not supplied by Keycloak.

      In addition, we have principal transformers that change the principal name (as the internal data of the app expects certain prefixes and suffixes).

      I have not seen a way to get the built-in OIDC support to do the above, and without it we could not move beyond using the adapter.

      OIDC needs to have first-class Elytron support in the same way as the adapter does, otherwise functionality is lost.

            fjuma1@redhat.com Farah Juma
            ianmacintyre Ian MacIntyre