Propagating authentication from mod-cluster/ajp to JBoss EAP 7.1 or later with Elytron Security

Solution Verified - Updated -


  • How to configure the security-domain to accept the incoming authenticated users
  • How to configure something similar to tomcatAuthentication=false
  • How to allow bypassing its authentication and correctly populate getRemoteUser and getUserPrincipal


  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 7.1 or later
  • Elytron Security
  • Front-end Apache authentication
  • Apache JServ Protocol (AJP) connection
  • Roles / authorization provided by JBoss EAP.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In