Darran Lofthouse resolved WFLY-8301.
------------------------------------
Assignee: Darran Lofthouse
Resolution: Won't Fix
Marking as 'Won't Fix' as this is in relation to PicketLink which is
deprecated.
Picketlink trust domain config needs to be in attribute and not path
--------------------------------------------------------------------
Key: WFLY-8301
URL: https://issues.jboss.org/browse/WFLY-8301
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Tomaz Cerar
Assignee: Darran Lofthouse
Priority: Major
Currently trustdomain for PL federation is configured by adding a new sub-resource under
identity-provider.
The problem is that the name of the trust domain resource you add is a URL.
In case that URL is an IPv6 one in square brackets, [::1], this makes it an invalid path.
Currently the testsuite relies on this to work, and by some miracle it works when configured
via XML, but trying to do so with the CLI fails, as [] are forbidden chars in a path (resource
name).
Example of CLI command:
{{/subsystem=picketlink-federation/federation=federation-simple-redirect-binding/identity-provider=idp-redirect.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-redirect-with-signatures/identity-provider=idp-redirect-sig.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-simple-post-binding/identity-provider=idp-post.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-post-with-signatures/identity-provider=idp-post-sig.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-with-metadata/identity-provider=idp-metadata.war/trust-domain=${public.ip}:add}}
where ${public.ip} can be 127.0.01 or [::1]
I think, given that TrustDomainResourceDefinition has no attributes beyond its own name,
it could be converted to a List<String> on the parent resource,
or the name should be used only for id, with an additional attribute that would represent
the domain.