Help needed on migrating customized JAAS Based authentication to Elytron security

[Arulkumar Ponnusamy]

Hi All, 

we currently using wildfly 24 with legacy security system for our application subsystem and trying to use the elytron subsystem for securing our application since the legacy security subsytem going to be removed soon. 

currently our application is authenticated by programmatically using javax.security.auth.spi.LoginModule implementation since we use multiple way of authentication/authroizing the users like, LDAP, TACACS, PKI, DB etc. 

I know this https://docs.jboss.org/author/display/WFLY/Migrate%20Legacy%20Security%20to%20Elytron%20Security.html

for migrating existing JAAS to elytron but i could not find our use cases on this guide. 

does anyone have experience/reference on migrating customized JAAS based   authentication to elytron subsystem?

[dvilkola]

Hi,

you can look into custom security realms in Elytron. Maybe this will help: http://www.mastertheboss.com/jbossas/jboss-security/how-to-create-a-custom-elytron-realm/ . There is also an ongoing issue for migrating custom login modules to elytron security realm https://issues.redhat.com/browse/WFCORE-5483 but note that login modules that depend on picketbox are out of scope for it.

[Arulkumar Ponnusamy]

Hi Dvilkola.

Thanks a lot for sharing the ongoing issues. in our use cases, we uses the picketbox libs for propagating the principal based on the login users and need to find a way for replacing this logic. do you have any idea whether the reported issues to be part of wildfly 25?

Regards,

Arulkumar Ponnusamy

[dvilkola]

The issue I linked will not be a part of wildfly 25. When using picketbox it is needed to migrate to elytron security realm, because picketbox will be removed. You can also checkout another blog post on custom security realms here https://hkalina.github.io/2018/06/06/custom-realm/