https://issues.jboss.org/browse/SECURITY-772

org.jboss.security.negotiation.spnego.SPNEGOLoginModule
private class AcceptSecContext:

    if (gssContext.isEstablished()) {
        log.warn("Authentication was performed despite already being authenticated!");
        // TODO - Refactor to only do this once.
        setIdentity(new KerberosPrincipal(gssContext.getSrcName().toString()));

The last line should obey the "removeRealmFromPrincipal" flag in the same way as a bit further down:

    setIdentity(createIdentity(gssContext.getSrcName().toString()));
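
The mismatch described in the report above, as an added example that is not part of the original report or of the JBoss Negotiation source: the two code paths produce different identity names for the same GSS source name, so a role table keyed by the realm-less name misses on the already-established path. The `createIdentity` body, the `SimplePrincipal` class, the principal name and the role table are assumptions constructed for illustration.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;

public class RealmStripDemo {
    // Stand-in for the login module's "removeRealmFromPrincipal" option.
    static final boolean REMOVE_REALM_FROM_PRINCIPAL = true;

    // Hypothetical plain principal used when the realm is stripped.
    static final class SimplePrincipal implements Principal {
        private final String name;
        SimplePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // Assumed behaviour of createIdentity: honour the flag, else keep user@REALM.
    static Principal createIdentity(String gssName) {
        if (REMOVE_REALM_FROM_PRINCIPAL) {
            int at = gssName.lastIndexOf('@');
            if (at > 0) {
                return new SimplePrincipal(gssName.substring(0, at));
            }
        }
        return new KerberosPrincipal(gssName);
    }

    // Role lookup keyed by identity name, as a role mapping would do.
    static Set<String> rolesFor(Principal p, Map<String, Set<String>> table) {
        Set<String> roles = table.get(p.getName());
        return roles == null ? Collections.<String>emptySet() : roles;
    }

    public static void main(String[] args) {
        String srcName = "alice@EXAMPLE.COM"; // constructed sample GSS source name
        Map<String, Set<String>> roleTable =
                Collections.singletonMap("alice", Collections.singleton("admin"));

        // Path quoted in the report: the flag is ignored.
        Principal established = new KerberosPrincipal(srcName);
        // Path "a bit further down": the flag is honoured.
        Principal normal = createIdentity(srcName);

        System.out.println(established.getName() + " -> " + rolesFor(established, roleTable));
        System.out.println(normal.getName() + " -> " + rolesFor(normal, roleTable));
    }
}
```
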
Fixed in https://issues.jboss.org/browse/SECURITY-772
BZ-1039955 is the component upgrade request.
Verified in EAP 6.4.0.ER1.