I'm migrating a "legacy" LoginModule relying on Picketbox to Elytron. As we're using a custom Principal implementation in our application I created a Principal Transformer to create this "CustomPrincipal" from the default "NamePrincipal".
But if I activate my PrincipalTransformer the authentication fails...
I assume that the problem is in the LdapSecurityRealm in line 180 where it checks for the principal to be of type "NamePrincipal" ...
The following configuration of the domain allows authentication to succeed:
===
"default-realm" => "app-ldap-realm",
"evidence-decoder" => undefined,
"outflow-anonymous" => false,
"outflow-security-domains" => undefined,
"permission-mapper" => "default-permission-mapper",
"post-realm-principal-transformer" => undefined,
"pre-realm-principal-transformer" => undefined,
"principal-decoder" => "app-principal-decoder",
"realm-mapper" => "app-realm-mapper",
"realms" => [{
    "realm" => "app-ldap-realm",
    "role-mapper" => "app-constant-role-mapper"
}],
"role-decoder" => undefined,
"role-mapper" => undefined,
"security-event-listener" => undefined,
"trusted-security-domains" => undefined
===
After defining the following code as "post-realm-principal-transformer" authentication fails:
===
private static final PrincipalTransformer DELEGATE = PrincipalTransformer.from(principal -> new UserPrincipal(1, principal.getName()));
===
I set logging to trace, and when authentication fails the following output shows:
===
12:53:10,953 TRACE [org.wildfly.security] (default task-1) Principal assigning: [CLEAR_TEXT_USER%3Ag.hilling%3A], pre-realm rewritten: [g.hilling], realm name: [app-ldap-realm], post-realm rewritten: [g.hilling(id: 1, no costcenter)], realm rewritten: [g.hilling(id: 1, no costcenter)]
12:53:10,953 DEBUG [org.wildfly.security.http.basic] (default task-1) User CLEAR_TEXT_USER%3Ag.hilling%3A authentication failed.
12:53:10,953 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
===
During successful authentication, instead of "authentication failed" I get:
===
12:51:27,205 DEBUG [org.wildfly.security] (default task-1) Obtaining lock for identity [g.hilling]...
12:51:27,205 DEBUG [org.wildfly.security] (default task-1) Obtained lock for identity [g.hilling].
===
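A small analyzer for the trace output above, as an added example that is not part of the original post and not Elytron code: it parses each `Principal assigning` line, reports the first stage whose output differs from the pre-realm name, and pairs it with the next outcome line on the same thread. The function and field names are hypothetical, and the successful-login `Principal assigning` line in the sample is constructed, since the post shows only the failing one.

```python
import re
from urllib.parse import unquote

THREAD = r"\((?P<thread>[^)]+)\) "
ASSIGN = re.compile(THREAD + r"Principal assigning: \[(?P<raw>.*?)\], "
                    r"pre-realm rewritten: \[(?P<pre>.*?)\], "
                    r"realm name: \[(?P<realm>.*?)\], "
                    r"post-realm rewritten: \[(?P<post>.*?)\], "
                    r"realm rewritten: \[(?P<final>.*?)\]$")
FAILED = re.compile(THREAD + r"User \S+ authentication failed\.")
LOCKED = re.compile(THREAD + r"Obtained lock for identity \[.*?\]")

def analyze(lines):
    """One record per 'Principal assigning' line, paired with the next
    outcome line logged on the same thread."""
    records, pending = [], {}
    for line in map(str.strip, lines):
        m = ASSIGN.search(line)
        if m:
            stages = [("post-realm", m["post"]), ("realm", m["final"])]
            # First stage whose output is no longer the plain pre-realm name.
            changed = next((s for s, v in stages if v != m["pre"]), None)
            rec = {"raw": unquote(m["raw"]), "realm": m["realm"],
                   "name": m["pre"], "realm_rewritten": m["final"],
                   "changed_at": changed, "outcome": None}
            records.append(rec)
            pending[m["thread"]] = rec
            continue
        for pattern, outcome in ((FAILED, "failed"), (LOCKED, "identity found")):
            m = pattern.search(line)
            if m and m["thread"] in pending:
                pending.pop(m["thread"])["outcome"] = outcome
    return records

# First line is constructed; the remaining lines are copied from the post.
SAMPLE = """\
12:51:27,204 TRACE [org.wildfly.security] (default task-1) Principal assigning: [CLEAR_TEXT_USER%3Ag.hilling%3A], pre-realm rewritten: [g.hilling], realm name: [app-ldap-realm], post-realm rewritten: [g.hilling], realm rewritten: [g.hilling]
12:51:27,205 DEBUG [org.wildfly.security] (default task-1) Obtaining lock for identity [g.hilling]...
12:51:27,205 DEBUG [org.wildfly.security] (default task-1) Obtained lock for identity [g.hilling].
12:53:10,953 TRACE [org.wildfly.security] (default task-1) Principal assigning: [CLEAR_TEXT_USER%3Ag.hilling%3A], pre-realm rewritten: [g.hilling], realm name: [app-ldap-realm], post-realm rewritten: [g.hilling(id: 1, no costcenter)], realm rewritten: [g.hilling(id: 1, no costcenter)]
12:53:10,953 DEBUG [org.wildfly.security.http.basic] (default task-1) User CLEAR_TEXT_USER%3Ag.hilling%3A authentication failed.
12:53:10,953 TRACE [org.wildfly.security] (default task-1) Handling AuthenticationCompleteCallback: fail
""".splitlines()

if __name__ == "__main__":
    for rec in analyze(SAMPLE):
        print(rec)
```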