fuero

Asked: 2021-09-17 03:17:13 +0800 CST2021-09-17 03:17:13 +0800 CST 2021-09-17 03:17:13 +0800 CST

Wildfly Elytron container managed authentication with federated SAML2 IDP

I'm trying to set up container-managed authentication with Wildfly 24 and would like to use an existing (federated) Shibboleth IDP.

I haven't found docs detailing that use case, so I opted for the proxy auth scenario, e.g. Apache + Shibboleth SP connecting via AJP to Wildfly.

The Elytron docs mention "external" http authentication, meaning passing on REMOTE_USER as a principal. What it doesn't include is how to get roles from the SP (or any other authenticating proxy for that matter).

What I want to know is:

How can I get roles mapped from another AJP attribute / HTTP header without resorting to another data store like LDAP? Can I get additional attributes into the principal as well, like e.g. a mail address?
Is there an alternative way to set up SAML2 with Wildfly? Keycloak support is rather limited, as it assumes a single (Keycloak) IDP. Picketlink is limited as well and deprecated.
Alternatively, would OIDC work this way? How would I set this up?

Wildfly Elytron container managed authentication with federated SAML2 IDP

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Wildfly Elytron container managed authentication with federated SAML2 IDP

0 Answers