The WildFly 11 release includes a new security framework WildFly Elytron, a number of blog posts are being written by a number of engineers so this article is to try and collect references to them in one location.
Although this initially contains links to blog posts written by the core engineering teams feel free to add links to any blog posts you write yourselves looking at different WildFly Elytron features and also links to other public blog posts you may find out there.
Also if there are topics that may be useful to be blogged about please mention them in the comments, anyone looking for some inspiration to write a blog post will then hopefully have some ideas.
Planned Security Features for WildFly 19
Author - Farah Juma
Date - October 2019
Blog post that identifies the security features planned for for WildFly 19.
Planned Security Features for WildFly 19
Support for masked passwords in the client XML configuration
Author - Ashley Abdel-Sayed
Date - September 2019
Blog post that shows how to generate a masked password and use it as a credential in the authentication client configuration.
Support for masked passwords in the client XML configuration
Configuring an aggregate-realm with a principal-transformer
Author - Ashley Abdel-Sayed
Date - September 2019
Blog post that shows how to use a principal-transformer in an aggregate-realm between authentication and authorization.
Configuring an aggregate-realm with a principal-transformer
New Security Features in WildFly 18
Author - Farah Juma
Date - September 2019
An overview of the new security features in WildFly 18
New Security Features in WildFly 18
Upcoming support for automatic updates of credential stores
Author - Farah Juma
Date - September 2019
Blog post that gives an overview of the upcoming support for automatic updates of credential stores.
Upcoming support for automatic updates of credential stores
Enhanced Audit Logging - Additional RFC Support and Reliability vs Speed Customization Update
Author - Justin Cook
Date - August 2019
Blog post on the new enhancements done to WildFly Elytron's audit logging in WildFly 18, providing an update to the previous blog post containing information on the enhancements being worked on.
Using WildFly Elytron's Credential Store APIs
Author - Darran Lofthouse
Date - June 2019
Blog post demonstrating the WildFly Elytron credential store APIs
Darran's WildFly Blog: WildFly Elytron Credential Store APIs
Using Elytron certificate-based authentication with authorization
Author - Farah Juma
Date - June 2019
Blog post on how to secure a web application deployed to WildFly using the CLIENT_CERT HTTP authentication mechanism with two-way SSL and authorization
Using Elytron certificate-based authentication with authorization
Security Features for WildFly 18
Author - Farah Juma
Date - June 2019
Blog post identifying the security features planned for WildFly 18
Security Features for WildFly 18
Configuring a JDBC Security Realm with BCrypt and Modular Crypt Password Mappers
Author - Ashley Abdel-Sayed
Date - June 2019
Blog post that shows how to generate BCrypt passwords with different encodings and loading BCrypt and modular crypt passwords using a JDBC security realm in WildFly Elytron.
Configuring a JDBC Security Realm with BCrypt and Modular Crypt Password Mappers
Enhanced Audit Logging - Additional RFC Support and Reliability vs Speed Customization
Author - Justin Cook
Date - June 2019
Blog post providing an update on the audit logging enhancements of additional RFC support and reliability vs speed customization that is being added to WildFly Elytron.
Security Feature Development for WildFly 17
Author - Darran Lofthouse
Date - June 2019
Blog post providing an update on the security feature development during WildFly 17.
https://darranl.blogspot.com/2019/06/security-feature-development-for.html
Upcoming support for TLS 1.3 with WildFly
Author - Farah Juma
Date - June 2019
Blog post that gives a quick introduction to the upcoming support for TLS 1.3 in WildFly
Upcoming support for TLS 1.3 with WildFly
Mapping an X.509 certificate chain to an identity using a subject alternative name
Author - Farah Juma
Date - June 2019
Blog post that gives an introduction on how we are enhancing the mapping of an X.509 certificate to an underlying identity
Mapping an X.509 certificate chain to an identity using a subject alternative name
Obtain and manage certificates from any server instance that implements ACME specification using the WildFly CLI
Author - Diana Vilkolakova
Date - June 2019
Blog post describing the upcoming feature that allows to configure other ACME certificate authorities than Let's Encrypt for obtaining and managing of certificates.
Elytron integration with Web Services and RESTEasy on the client side
Author - Diana Vilkolakova
Date - June 2019
Blog post about the upcoming Elytron integration with Web Services and RESTEasy on the client side.
Diana Vilkolakova's Blog: Web Services client and RESTEasy client integration with WildFly Elytron
WildFly Elytron Aggregation of Attributes
Author - Darran Lofthouse
Date - June 2019
Blog post describing the upcoming attribute aggregation feature.
Darran's WildFly Blog: WildFly Elytron Aggregation of Attributes
Security Features for WildFly 17
Author - Darran Lofthouse
Date - March 2019
Blog post identifying the security features planned for Wildfly 17
Darran's WildFly Blog: Security Features for WildFly 17
What's new in Elytron in WildFly 16
Author - Farah Juma
Date - February 2019
An overview of the new Elytron features in WildFly 16.
Farah Juma's Blog: What's new in Elytron in WildFly 16
Silent mode for the HTTP BASIC authentication mechanism
Author - Diana Vilkolakova
Date - February 2019
How to set and make use of silent mode for the HTTP BASIC authentication mechanism
Diana Vilkolakova's Blog: HTTP BASIC authentication in silent mode with Wildfly Elytron
Implementing self service for users with Elytron
Author - Diana Vilkolakova
Date - February 2019
An example of how to implement a web application with Elytron API for user's self service
Building web app with authorization and account management using Elytron (Part 2)
Converting Legacy Properties Files into a FileSystemRealm with Elytron Tool
Author - Justin Cook
Date - February 2019
An overview of how to use Elytron Tool to convert legacy properties files into an Elytron FileSystemRealm
Justin Cook's Blog: Converting Legacy Properties Files into a FileSystemRealm with Elytron Tool
Implementing a custom Elytron principal transformer
Author - Farah Juma
Date - February 2019
How to implement and make use of a custom Elytron principal transformer
Farah Juma's Blog: Implementing a custom Elytron principal transformer
Using WildFly Elytron with the Netty HttpServerCodec
Author - Darran Lofthouse
Date - January 2019
An introduction as to how WildFly Elytron could be used with Netty.
Darran's WildFly Blog: Using WildFly Elytron with the Netty HttpServerCodec
Securing an embedded Jetty Server using WildFly Elytron
Author - Farah Juma
Date - January 2019
An introduction as to how WildFly Elytron could be used with Jetty.
Farah Juma's Blog: Securing an embedded Jetty server using Elytron
Dynamically Generating KeyStores, TrustStores, and Certificates with WildFly Elytron
Author - Justin Cook
Date - November 2018
An overview of how to use the new Elytron Examples utility for generating KeyStores, TrustStores, and certificates
Using WildFly Elytron JASPI with Standalone Undertow
Author - Darran Lofthouse
Date - October 2018
How to make use of JASPI with a standalone Undertow.
Darran's WildFly Blog: Using WildFly Elytron JASPI with Standalone Undertow
WildFly Elytron - Credential Store - Next Steps
Author - Darran Lofthouse
Date - September 2018
Some of the features we are planning to introduce with the credential store and related issues to be solved.
Darran's WildFly Blog: WildFly Elytron - Credential Store - Next Steps
Reinitializing a Trust Manager through Two-Way SSL
Author - Justin Cook
Date - August 2018
This blog post gives an overview on how to dynamically reload trust managers using the WildFly CLI.
Justin Cook's Blog: Reinitializing a Trust Manager through Two-Way SSL
Obtaining and managing certificates from Let’s Encrypt using the CLI in WildFly 14
Author - Farah Juma
Date - August 2018
This blog post gives an overview on how to obtain and manage certificates from the Let’s Encrypt certificate authority using the WildFly CLI.
Creating custom security realm for WildFly Elytron
Author - Jan Kalina
Date - June 2018
This blog post gives an overview Elytron permission sets.
Honza's blog: Creating custom security realm for WildFly Elytron
Configuring permissions using Elytron in WildFly 13
Author - Farah Juma
Date - June 2018
This blog post gives an overview Elytron permission sets.
Farah Juma's Blog: Configuring permissions using Elytron in WildFly 13
Certificate authentication with password fallback in Elytron
Author - Jan Kalina
Date - May 2018
This tutorial describes configuration of certificate authentication with password (BASIC/PLAIN) fallback authentication for management interface of WildFly using WildFly Elytron.
Honza's blog: Certificate authentication with password fallback in Elytron
Manipulating KeyStores using the CLI in WildFly 12
Author - Farah Juma
Date - March 2018
This blog post gives an overview of the new KeyStore manipulation operations that are available via the CLI in WildFly 12.
Farah Juma's Blog: Manipulating KeyStores using the CLI in WildFly 12
WildFly Elytron - Implementing a Custom HTTP Authentication Mechanism
Author - Darran Lofthouse
Date - February 2018
How to implement a configure a custom HTTP authentication mechanism.
Darran's WildFly Blog: WildFly Elytron - Implementing a Custom HTTP Authentication Mechanism
Filesystem realm in WildFly Elytron
Author - Jan Kalina
Date - January 2018
What is Filesystem realm and how to manage it.
Honza's blog: Filesystem realm in WildFly Elytron
Elytron and Kerberos using gssproxy
Author - Jan Kalina
Date - January 2018
A blog post describing how configure Kerberos authentication in WildFly using Elytron.
Honza's blog: Elytron and Kerberos using gssproxy
Configuration of Kerberos with Elytron in WildFly
Author - Jan Kalina
Date - January 2018
A blog post describing how configure Kerberos authentication in WildFly using Elytron.
Honza's blog: Configuration of Kerberos with Elytron in WildFly
SSL key switch without server restart
Author - Jan Kalina
Date - October 2017
A blog post describing how to switch certificate and key used for SSL without WildFly restart.
Honza's blog: SSL key switch without server restart
Using OpenSSL with Wildfly and Elytron
Author - Stuart Douglas
Date - October 2017
A blog post describing how to use OpenSSL in WildFly.
Using OpenSSL with Wildfly and Elytron
How to use an Elytron SASL mechanism that supports channel binding
Author - Farah Juma
Date - September 2017
This blog post shows how to set up one-way SSL/TLS for the management interface and how to then use a SASL mechanism that supports channel binding to connect to the CLI.
Farah Juma's Blog: How to use an Elytron SASL mechanism that supports channel binding
WildFly Elytron - Add Kerberos Authentication to Existing Web Application
Author - Darran Lofthouse
Date - September 2017
A blog post describing how to override the authentication policy of an existing web application and add SPNEGO authentication to it.
Darran's WildFly Blog: WildFly Elytron - Add Kerberos Authentication To Existing Web Application
Using WildFly Elytron with Undertow Standalone
Author - Darran Lofthouse
Date - September 2017
Although developed for use within the WildFly application server the WildFly Elytron project can also be used in isolation, this blog post demonstrates how it can be used to secure an embedded Undertow server.
Darran's WildFly Blog: Using WildFly Elytron with Undertow Standalone
Getting started with EJBs and Elytron Part 1: Securing EJBs and invoking them from remote clients
Author - Farah Juma
Date - September 2017
This blog post describes how to secure EJBs deployed to WildFly 11 using Elytron and how to invoke them from a standalone remote client using the new Naming Client and EJB Client libraries.
Getting started with EJBs and Elytron Part 2: EJB invocations from remote servers
Author - Farah Juma
Date - September 2017
This blog post describes how to invoke EJBs deployed on a WildFly server instance from another WildFly server instance using Elytron.
Farah Juma's Blog: Getting started with EJBs and Elytron Part 2: EJB invocations from remote servers
WildFly Elytron - Principal Transformers, Realm Mappings, and Principal Decoders
Author - Darran Lofthouse
Date - July 2017
To control the behaviour during authentication and authorization WildFly Elytron supports the use of various transformers, mappers, and decoders - this blog post describes how they fit together in the different stages of authentication.
WildFly Elytron - SSL Configuration
Author - Darran Lofthouse.
Date - February 2016
An early blog post describing how SSL configuration was being centrally defined within a new subsystem. Written early 2016 it is potentially due to be reviewed as exact commands may have evolved since it was written.
Comments