The only thing that would be blocked are users of the associated security domain. This is a known issue:
The only workaround is to preload the security cache to avoid the excessively long authentication process.
Thanks alot for your answer. Same security domain means in our case the main application deployed on JBoss.
I had a look at the comments in the database and explains quite well the problem we encounter. However though the bug is known i cannot see any timing line for expected solution.
In my case i can see only the following practical solution:
A) switch to another authentication mode LDAP (username and yet another password to remember for our user community)
B) Switch to programatic vs configuration authentication & authorization. Which means that i have to review the code and introduce potential weaknesses in the security concepts.
C) Migrate to another Application Server (which i would like to avoid as i am getting familar with JBoss and i like it quite a bit.)
PS:I would like to feliciate you and the whole JBoss team & community for the spent efforts and i am sure you will find a smart solution to the problem
Well .... I'm having the same problem
The is not a major bug but a fatal one, which makes the JBoss JAAS model useless!!
Any progress ?