OIDC and Role mapping from Own DB


Naresh Shrestha

Nov 27, 2025, 11:55:00 PM
to WildFly
Thanks in advance. I just implemented the OIDC system, which was so fluent. My goal is to implement the Authorization Code flow where OIDC_IDP handles user identity, and WildFly retrieves roles and permissions from a local DB. I have mapped the ID and the roles in my database, according to which our application will know the authZ.

Problem I am facing:
I am now encountering 400 invalid_grant errors and infinite redirect loops, despite ensuring the Allowed Callback URLs in OIDC_IDP exactly match the redirect URIs observed in the browser network logs.

What I Did:
Created a JDBC Realm: configured to query the user_role table using the OIDC sub ID (oidc_id column) to fetch roles.

I also tried using aggregate-realm and mapped the authN and authZ realms, but later found out this is not the best practice.

How can I solve this problem and what is the best practice to follow?
The WildFly version that I am using is 26.1.2.
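The JDBC realm described in this post, written out as a jboss-cli batch. This is an added example and not the poster's configuration or a WildFly project script; it assumes a datasource named AppDS already exists, that the user_role table has columns oidc_id and role_name, and that jboss-cli.sh is on PATH when the batch is applied. It only defines the Elytron realm and a security domain that decodes roles from it; whether the OIDC auth-method's virtual security domain can be pointed at such a domain is the question this thread raises.

```shell
#!/bin/sh
# Added example: generate a jboss-cli batch that defines an Elytron
# jdbc-realm mapping the OIDC "sub" claim (stored in user_role.oidc_id)
# to application roles, plus a security domain that uses it.
# Assumptions (not from the thread): datasource "AppDS", table user_role
# with columns oidc_id and role_name, jboss-cli.sh on PATH.

write_realm_cli() {
  out="$1"
  cat > "$out" <<'EOF'
batch
# Roles only: the principal (sub) is established by the IdP, so the query
# returns one row per role and carries no password column. The "?" is bound
# to the principal name, which avoids building SQL from the claim value.
/subsystem=elytron/jdbc-realm=oidc-roles-realm:add(principal-query=[{data-source="AppDS",sql="SELECT role_name FROM user_role WHERE oidc_id = ?",attribute-mapping=[{index=1,to="Roles"}]}])
# Turn the "Roles" attribute into the roles Elytron evaluates for authZ.
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute="Roles")
# Security domain backed only by the JDBC realm (no local password checks).
/subsystem=elytron/security-domain=oidc-app-domain:add(realms=[{realm="oidc-roles-realm",role-decoder="from-roles-attribute"}],default-realm="oidc-roles-realm",permission-mapper="default-permission-mapper")
run-batch
EOF
}

# Apply the generated batch to a running server (requires jboss-cli.sh).
apply_realm_cli() {
  jboss-cli.sh --connect --file="$1"
}

# Usage: write_realm_cli /tmp/oidc-roles.cli && apply_realm_cli /tmp/oidc-roles.cli
```

Running the batch inside `batch`/`run-batch` keeps the realm, role decoder and domain atomic: if any one command is rejected, nothing is left half-configured.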
Naresh Shrestha

Dec 2, 2025, 12:58:52 AM
to WildFly
Following up on my question: when we use the OIDC login auth-method, it automatically creates and makes use of its own virtual security domain across the deployment. Is there a way to override this and let it use a custom security domain?

Diana Krepinska

Dec 5, 2025, 5:55:15 PM
to WildFly
It isn't possible to override the virtual security domain, nor to edit it, right now. This seems to relate to the unresolved issue https://issues.redhat.com/browse/WFLY-17333. You can add a vote and add yourself as a watcher on it.

Naresh Shrestha

Dec 7, 2025, 7:50:49 PM
to WildFly
Sure. Thank you.