WildFly Full 26 Model Reference

A security realm definition backed by LDAP.

Provided capabilities(2)

Name	Dynamic	Other provider points
org.wildfly.security.security-realm	true	/subsystem=elytron/jaas-realm=* /subsystem=elytron/jdbc-realm=* /subsystem=elytron/filesystem-realm=* /subsystem=elytron/token-realm=* /subsystem=elytron/distributed-realm=* /subsystem=elytron/key-store-realm=* /subsystem=elytron/failover-realm=* /subsystem=elytron/identity-realm=* /subsystem=elytron/custom-modifiable-realm=* /subsystem=elytron/aggregate-realm=* /subsystem=elytron/properties-realm=* /subsystem=elytron/caching-realm=* /subsystem=elytron/custom-realm=*
org.wildfly.security.modifiable-security-realm	true	/subsystem=elytron/custom-modifiable-realm=* /subsystem=elytron/token-realm=* /subsystem=elytron/filesystem-realm=*

Attributes (6)

allow-blank-password Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise.

Attribute	Value
Default Value	false
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

dir-context The configuration to connect to a LDAP server.

Attribute	Value
Capability reference	/subsystem=elytron/dir-context=*
Type	STRING
Nillable	false
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services

direct-verification Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?

Attribute	Value
Default Value	false
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

hash-charset The character set to use when converting the password string to a byte array.

Attribute	Value
Default Value	UTF-8
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	resource-services

hash-encoding The string format for the password if it is not stored in plain text.

Attribute	Value
Default Value	base64
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	resource-services
Allowed Values	base64 hex

identity-mapping The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.

Attribute	Value
Type	OBJECT
Nillable	false
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services

Operations (8)

add The add operation for the security realm.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
allow-blank-password	BOOLEAN	false	true	false	Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise.
dir-context	STRING	true	false		The configuration to connect to a LDAP server.
direct-verification	BOOLEAN	false	true	false	Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?
hash-charset	STRING	false	true	UTF-8	The character set to use when converting the password string to a byte array.
hash-encoding	STRING	false	true	base64	The string format for the password if it is not stored in plain text.
identity-mapping	OBJECT	true	false		The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.

add-identity Add an identity to a security realm.

Request Parameter Type Required Expressions Allowed Default value Description

identity STRING true false The name of the identity.

add-identity-attribute Add an attribute to an existing identity.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
identity	STRING	true	false		The name of the identity.
name	STRING	true	false		The name of the attribute.
value	LIST	true	false		The value of the attribute.

read-identity Read an identity from a security realm if it exists.

Request Parameter Type Required Expressions Allowed Default value Description

identity STRING true false The name of the identity.
remove The remove operation for the security realm.
remove-identity Remove an identity from a security realm.

Request Parameter Type Required Expressions Allowed Default value Description

identity STRING true false The name of the identity.

remove-identity-attribute Remove an attribute to an existing identity.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
identity	STRING	true	false		The name of the identity.
name	STRING	true	false		The name of the attribute.
value	LIST	false	false		The value of the attribute.

set-password Add a password to an existing identity.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
identity	STRING	true	false		The name of the identity.
bcrypt	OBJECT	false	false		A password using the Bcrypt algorithm.
clear	OBJECT	false	false		A password in clear text.
simple-digest	OBJECT	false	false		A simple digest password.
salted-simple-digest	OBJECT	false	false		A salted simple digest password.
scram-digest	OBJECT	false	false		A password using the SCRAM digest algorithm.
digest	OBJECT	false	false		A digest password.
otp	OBJECT	false	false		A one-time password, used by the OTP SASL mechanism.