New Security Features in WildFly 26.1

The Elytron authentication client now provides a Java security provider that can be used to register a JVM wide default SSLContext. When this provider is registered with high enough priority, all client libraries that use SSLContext.getDefault() will obtain an SSLContext instance using the configuration from your Elytron client configuration file. For more details about this new feature and an example of how to use it, check out this blog post.

It’s now possible to encrypt the identity files that back filesystem security realms using a secret key. For all the details about this new feature and a complete guide on how to configure a filesystem-realm with encryption enabled, take a look at this blog post.

The read-alias and read-aliases operations for key stores in the Elytron subsystem have been updated to improve usability. Check out this blog post to learn more.

Since WildFly 25, applications deployed to WildFly can be secured with OpenID Connect, without needing to use the Keycloak client adapter.

In a recent vlog, we show how to use this feature with WildFly on OpenShift.

Our contribution guide helps guide you through the steps for getting started on the WildFly Elytron project and goes through how to format and submit your first PR.

We have created a list of good first issues to help you get started.

If you’d like some help or have questions about making contributions to our project, feel free to reach us on chat or add questions directly on your PR.