
Identity Propagation with OpenID Connect


jyoti grover

Dec 25, 2024, 1:59:44 PM
to WildFly
Hello, 

This is in reference to the article:

https://wildfly-security.github.io/wildfly-elytron/blog/wildfly-oidc-identity-propagation/

I am using WildFly 30 (WildFly Full 30.0.1.Final, to be precise).

I have a deployable, i.e. an EAR consisting of a WAR, which is my web module, and a JAR consisting of various beans configured for remote invocation.

I have applied the Elytron OIDC client as explained in the article above to integrate with Keycloak, using the subsystem:
<subsystem xmlns="urn:wildfly:elytron-oidc-client:2.0">

The web module works fine after the integration: redirection to Keycloak happens, and both authentication and authorization work fine here.

To apply the same virtual domain to the beans in the JAR, I am required to add the @SecurityDomain annotation to each bean.

I was expecting that, instead of adding an annotation, it would be possible to specify the virtual domain in jboss-ejb3.xml (bundled in META-INF) as follows:

<assembly-descriptor>
  <s:security>
    <ejb-name>*</ejb-name>
    <s:security-domain>myVirtualDomain</s:security-domain>
    <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
  </s:security>
</assembly-descriptor>

But this does not seem to take effect. Is this a bug, or is any additional configuration needed in jboss-ejb3.xml for identity propagation to work without the annotation but with configuration instead?

Can anyone please share any insights on the issue, or an example where such a configuration works?

Thanks!