• Issue #201506-02: Possible user impersonation when using OpenAM as an OAuth2/OIDC Provider.
    When using multiple realms, it is possible for an authenticated user in realmA to acquire OAuth2 and OpenID Connect tokens that correspond to realmB.

    How can one reproduce this issue? What's the use case where one can face this scenario?