
My application runs on Tomcat (v8) and needs roles to work. Until now, I managed the users and their roles with a custom JDBCRealm which I configured in the server.xml. Also, until now I accessed the Tomcat web server directly.

Now I tried to use the Apache2 HTTPD with mod_auth_openidc and AJP. I want to let my users authenticate via OpenID Connect. Also, I wanted to let OpenID Connect handle the authorization. I created an Auth0 account and used their service to test my application. It seems to work after I added the attributes tomcatAuthentication="false" and tomcatAuthorization="true" to Tomcat's AJP connector.

The tomcatAuthorization="true" attribute basically enables Tomcat's authorization and lets it create a GenericPrincipal instead of a CoyotePrincipal, which has no roles.

Auth0 offers an interface on their website to add metadata to their JSON string in which I tried to add roles. Sadly, that didn't work.

Is there a way to let Tomcat know which roles a user has using OpenID Connect and AJP?

s3b
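For reference, an Apache httpd 2.4 virtual host that wires mod_auth_openidc to Auth0 and forwards the authenticated user to Tomcat over AJP, as an added example that is not part of the question or an answer from the site. The tenant name, client credentials, host names and the claim chosen as user name are placeholders and assumptions; the Tomcat-side attributes are the ones named in the question.

```apache
# Added example, not from the question: httpd front end for the setup described above.
LoadModule auth_openidc_module modules/mod_auth_openidc.so
LoadModule proxy_module        modules/mod_proxy.so
LoadModule proxy_ajp_module    modules/mod_proxy_ajp.so

<VirtualHost *:443>
    ServerName app.example.com          # placeholder host name
    # (TLS directives omitted)

    # Discovery document of the Auth0 tenant; TENANT is a placeholder.
    OIDCProviderMetadataURL https://TENANT.auth0.com/.well-known/openid-configuration
    OIDCClientID            CLIENT_ID_PLACEHOLDER
    OIDCClientSecret        CLIENT_SECRET_PLACEHOLDER
    # Must lie inside a location protected by mod_auth_openidc; it is handled
    # by the module itself and never reaches the backend.
    OIDCRedirectURI         https://app.example.com/protected/redirect_uri
    OIDCCryptoPassphrase    CHANGE_ME_TO_A_LONG_RANDOM_VALUE
    OIDCScope               "openid profile email"
    # Claim that becomes REMOTE_USER. Auth0's default "sub" looks like
    # "auth0|5f…", so (assumption) use the claim your JDBCRealm user table is keyed on.
    OIDCRemoteUserClaim     email

    <Location />
        AuthType  openid-connect
        Require   valid-user
    </Location>

    # mod_proxy_ajp passes REMOTE_USER to Tomcat as the AJP remote_user attribute.
    # On the Tomcat side, tomcatAuthentication="false" makes the connector trust
    # that user name, and tomcatAuthorization="true" makes Tomcat look up the
    # user's roles in the Realm configured for the Context (here the JDBCRealm),
    # which is why roles added as Auth0 metadata do not appear on the principal.
    ProxyPass        "/" "ajp://127.0.0.1:8009/"
    ProxyPassReverse "/" "ajp://127.0.0.1:8009/"
</VirtualHost>
```

Because tomcatAuthentication="false" means Tomcat accepts whatever user name its AJP peer supplies, bind the Tomcat AJP connector to the loopback address (address="127.0.0.1") or another interface only httpd can reach.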

0 Answers