-
1. Re: Why Elytron realms are limited to use NamePrincipal only
dlofthouse Mar 27, 2018 6:23 AM (in response to qkxy)
Do you have an example of how you are aggregating the realms so we can check? Generally the decision within a single realm would be "If I only return a NamePrincipal that is all I expect to see" but that may be an invalid assumption we need to correct.
-
2. Re: Why Elytron realms are limited to use NamePrincipal only
qkxy Mar 27, 2018 6:39 AM (in response to dlofthouse)
I have installed Keycloak as described in the Keycloak documentation and created an aggregate realm and set KeycloakDomain to use this aggregate realm:

        <security-domain name="KeycloakDomain" default-realm="KeycloakSAMLRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
            <realm name="KeycloakSAMLRealm" />
        </security-domain>
    </security-domains>
    <security-realms>
        <custom-realm name="KeycloakSAMLRealmOrig" module="org.keycloak.keycloak-saml-wildfly-elytron-adapter" class-name="org.keycloak.adapters.saml.elytron.KeycloakSecurityRealm" />
        <properties-realm name="ApplicationRealm">
            <users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm"/>
            <groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
        </properties-realm>
        <aggregate-realm name="KeycloakSAMLRealm" authentication-realm="KeycloakSAMLRealmOrig" authorization-realm="ApplicationRealm" />

Keycloak authenticates with a SAML claim and calls ApplicationRealm for authorization, but it exits with user not found because Keycloak uses SamlPrincipal.
-
3. Re: Why Elytron realms are limited to use NamePrincipal only
mchoma Mar 28, 2018 2:05 AM (in response to qkxy)
In the meantime you can use a custom security realm. [1]
[1] GitHub - hkalina/custom-elytron-realm: Simple custom Elytron security realm
-
4. Re: Why Elytron realms are limited to use NamePrincipal only
qkxy Mar 28, 2018 3:08 AM (in response to mchoma)
Thank you, I have done something similar: I modified the Property realm to use it as a custom realm.