We upgraded to WildFly 26.1.3.Final and use a JDBC or LDAP connection for authentication. Now we need OAuth authentication and can use the new "elytron-oidc-client" module.
We have configured it as:
<subsystem xmlns="urn:wildfly:elytron-oidc-client:1.0">
    <secure-deployment name="lis.war">
        <provider-url>https://XXX/auth/realms/XXX</provider-url>
        <principal-attribute>preferred_username</principal-attribute>
        <client-id>lis</client-id>
        <use-resource-role-mappings>true</use-resource-role-mappings>
        <credential name="secret" secret="XXX"/>
    </secure-deployment>
</subsystem>
For the deployment "lis.war" it works (redirect to Keycloak, login, redirect back to lis.war) and we get an OAuth cookie and the JSESSIONID cookie. But we also need a JSESSIONIDSSO cookie for the other deployments. I tried many configurations in standalone.xml, but I can't find a way to say that this authentication method needs SSO. With a JDBC or LDAP connection we can connect the security domain to an http-authentication-factory:
<application-security-domains>
    <application-security-domain name="opusP" http-authentication-factory="opusP-http-auth" override-deployment-config="true">
        <single-sign-on domain="localhost" key-store="ssoKS" key-alias="localhost">
            <credential-reference clear-text="secret"/>
        </single-sign-on>
    </application-security-domain>
</application-security-domains>
How can we do this with an OpenID-Module?
Maybe it is not possible because of the virtual security? -> https://docs.wildfly.org/26.1/Admin_Guide.html#virtual-security-2
I tried it with a second application-security-domain and http-authentication-factory, with no success. In my opinion the "elytron-oidc-client" subsystem needs a configuration for a security-domain or SSO!
Update 11.10.2024: Same problem with WildFly 28.0.1.Final
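For readers comparing the two setups, here is the complete chain the post refers to for the JDBC case (Elytron realm -> security-domain -> http-authentication-factory -> Undertow application-security-domain -> single-sign-on), written out as an added example; it is not configuration from the post, and the datasource name "opusDS", the "users" table layout, the keystore file name and the subsystem schema versions are assumptions that must be adjusted to the installed server. The `http-only` and `secure` flags on the SSO cookie are set explicitly because they default to false.

```xml
<!-- Added example (not from the original post). Schema versions are assumed:
     check the xmlns values against the standalone.xml of the installed WildFly. -->
<server xmlns="urn:jboss:domain:20.0">
  <profile>

    <subsystem xmlns="urn:wildfly:elytron:15.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
      <security-domains>
        <!-- Security domain the Undertow application-security-domain below maps to -->
        <security-domain name="opusP" default-realm="opusJdbcRealm" permission-mapper="default-permission-mapper">
          <realm name="opusJdbcRealm" role-decoder="from-roles-attribute"/>
        </security-domain>
      </security-domains>

      <security-realms>
        <!-- JDBC realm: assumed datasource "opusDS" and table users(username, password, role) -->
        <jdbc-realm name="opusJdbcRealm">
          <principal-query sql="SELECT password, role FROM users WHERE username = ?" data-source="opusDS">
            <!-- column 1 holds a base64 SHA-256 digest, never a clear-text password -->
            <simple-digest-mapper algorithm="simple-digest-sha-256" password-index="1"/>
            <attribute-mapping>
              <attribute to="Roles" index="2"/>
            </attribute-mapping>
          </principal-query>
        </jdbc-realm>
      </security-realms>

      <mappers>
        <simple-role-decoder name="from-roles-attribute" attribute="Roles"/>
      </mappers>

      <http>
        <!-- This factory is what the application-security-domain references -->
        <http-authentication-factory name="opusP-http-auth" security-domain="opusP" http-server-mechanism-factory="global">
          <mechanism-configuration>
            <mechanism mechanism-name="FORM"/>
          </mechanism-configuration>
        </http-authentication-factory>
        <provider-http-server-mechanism-factory name="global"/>
      </http>

      <tls>
        <key-stores>
          <!-- Keystore holding the key that signs/encrypts the SSO cookie (file name assumed) -->
          <key-store name="ssoKS">
            <credential-reference clear-text="secret"/>
            <implementation type="JKS"/>
            <file path="sso.keystore" relative-to="jboss.server.config.dir"/>
          </key-store>
        </key-stores>
      </tls>
    </subsystem>

    <subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other">
      <application-security-domains>
        <!-- override-deployment-config="true": the factory above replaces the login-config of web.xml.
             Every deployment whose jboss-web.xml names <security-domain>opusP</security-domain>
             shares the JSESSIONIDSSO cookie, scoped to "domain" (all apps must be served under it). -->
        <application-security-domain name="opusP" http-authentication-factory="opusP-http-auth" override-deployment-config="true">
          <single-sign-on domain="localhost" key-store="ssoKS" key-alias="localhost" http-only="true" secure="true">
            <credential-reference clear-text="secret"/>
          </single-sign-on>
        </application-security-domain>
      </application-security-domains>
    </subsystem>

  </profile>
</server>
```

Two things worth checking after applying something like this: the SSO cookie only reaches a second deployment if that deployment is also mapped to the same application-security-domain (via `<security-domain>opusP</security-domain>` in its jboss-web.xml or a matching default), and browsers will drop a `secure="true"` cookie on a plain-HTTP test setup, so test over HTTPS or temporarily relax the flag on a non-production server only.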