Propagating authentication from mod-cluster/ajp to JBoss EAP 7.1 or later with Elytron Security
Issue
- How to configure the security-domain to accept the incoming authenticated users
- How to configure something similar to tomcatAuthentication=false
- How to allow bypassing its authentication and correctly populate getRemoteUser and getUserPrincipal
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 7.1 or later
- Elytron Security
- Front-end Apache authentication
- Apache JServ Protocol (AJP) connection
- Roles / authorization provided by JBoss EAP.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.