WildFly Elytron

Planned Security Features for WildFly

Since the feature development phase for WildFly 23 has now started, we wanted to highlight the security features that we will be working on. As usual, please keep in mind that this blog post is a summary of our general plans and not a guarantee that each of these features will be merged for WildFly 23.

Planned Features

Expression Resolution

WFCORE-4360 Support expression resolution backed by a credential store

  • Currently, credential store references can be used anywhere in the model where a credential needs to be specified. This feature will make it possible to encrypt other attribute values stored in the management model. More details can be found here.

SSL/TLS Enhancements

ELY-1996 SSLContext to support delegation to alternate instances based on peer information

  • The host and port information of the peer that we are connecting to is available when an SSLEngine is being created. This feature looks at making use of this information to dynamically select which SSL context to use. More information can be found here.

WFCORE-5120 Automatic registration of a client side / JVM wide default SSLContext

  • This feature will make it possible to register a JVM wide default SSL context for libraries that make use of Elytron client configuration. Additional information can be found here.

WFCORE-5170 Support for multiple certificate revocation lists

  • Currently, it is only possible to configure a trust manager to make use of one certificate revocation list. This feature will make it possible to configure multiple certificate revocation lists (e.g., for the case where more than one certificate authority is being used). More details on this can be found here.

Principal Propagation

WFLY-14074 Normalization of principal propagation/injection across Elytron and Legacy security

  • In certain cases, the principal associated with an unsecured EJB can differ depending on whether Elytron or legacy security is in use. This feature will make it possible for users to decide which behaviour they would like to use. More information can be found here.

Security Realm Enhancements

WFCORE-5027 Security Realms should support specifying the charset and encoding for credentials

  • This feature will make it possible for security realms to store hashed passwords in hex format, in addition to Base64 format. It will also make it possible to configure the character set to use when processing a user’s password. More details can be found here.

OpenID Connect

WFLY-14017 Native support for OpenID Connect

  • WildFly currently provides the ability to secure deployments using OpenID Connect (OIDC) by installing a Keycloak client adapter. By adding native support for OpenID Connect to Elytron, the Keycloak client adapter will no longer be needed to secure applications deployed to WildFly using OIDC. More details can be found here.

Summary

This blog post has highlighted the security features that we will be working on. If any of these features are a priority for you, please let us know. Please also let us know if there are any security features that are missing that you would like to see prioritized as we can take this kind of feedback into account for future releases.