The diference is that I use for IDP realm the Database module from JAAS.
I've migrated theses applications from JBossAS7 to Wilfly9 recently and after this changes, I'm seeing a strange behaviour: apparently when a user logs in the app his roles are charged in IDP session and shared with the SPs apps. But if i change the users roles and this user logout and login, the roles aren't updated, they still the same, only if i restart de server theses roles are updated.
And for my principalsQuery I have a column that store if a user is able to login or not. If the user is logged and I change on database this column asserting that user is not able to login, even if him makes a logout, he continues to log in the apps. This behaviour looks like the same as previous talk. If the server is restarted the user is not able to log anymore.
All theses situation didn't occur when the serves was the JBossAS7.