Propagating authentication from mod-cluster/ajp to JBoss EAP 7.1 or later with Elytron Security

Solution Verified - Updated -

Issue

  • How to configure the security-domain to accept the incoming authenticated users
  • How to configure something similar to tomcatAuthentication=false
  • How to allow bypassing its authentication and correctly populate getRemoteUser and getUserPrincipal

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.1 or later
  • Elytron Security
  • Front-end Apache authentication
  • Apache JServ Protocol (AJP) connection
  • Roles / authorization provided by JBoss EAP.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In