I have defined a custom AssertionExecutor with a specific Token. I have deployed the AssertionExecutor and IdentityAsserter.
In the AssertionExecutor, I am trying to set the subject with: Subject subj = Authentication.assertIdentity(TOKEN_TYPE, user);
With WLS version 220.127.116.11 it was OK; now with 18.104.22.168 I have the following error:
java.lang.SecurityException: isAccessAllowed: currentSubject: principals= does not have permission to assert identity of type xxAssertionToken in realm weblogicDEFAULT
Where can I set the right permission?
I think I found the issue. The domain has a security policy specifically to control Identity Assertion.
Domain > Security > Policies > Identity Assertion
Add a new policy that will allow access to Identity Assertion. I've allowed access to everyone in my dev environment and I no longer get the error.