[JBoss JIRA] (WFCORE-2025) CLI SSLContext Priority
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2025?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-2025:
-------------------------------------
Fix Version/s: 3.0.0.Alpha15
(was: 3.0.0.Alpha14)
> CLI SSLContext Priority
> -----------------------
>
> Key: WFCORE-2025
> URL: https://issues.jboss.org/browse/WFCORE-2025
> Project: WildFly Core
> Issue Type: Task
> Components: CLI, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Alpha15
>
>
> We have three different places an SSLContext could come from for the CLI: -
> # CLI Configuration
> # AuthenticationClient Configuration
> # Default interactive SSLContext
> We need to ensure they are prioritised as above.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (WFCORE-2031) Update description of security-realm in management interfaces
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2031?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-2031:
-------------------------------------
Fix Version/s: 3.0.0.Alpha15
(was: 3.0.0.Alpha14)
> Update description of security-realm in management interfaces
> -------------------------------------------------------------
>
> Key: WFCORE-2031
> URL: https://issues.jboss.org/browse/WFCORE-2031
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 3.0.0.Alpha15
>
>
> Description of security-realm attribute in HTTP (and native) management interfaces says:
> "The security realm to use for the HTTP management interface." or "The security realm to use for the native management interface."
> However Elytron also uses security-realms. Description of mentioned about attribute should include information that it uses *legacy* security realm (not Elytron). Without word "legacy" it can be confusing since two different types of security-realm currently occur in configuration.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (WFCORE-2030) sasl-authentication-factory should be valid in combination with security-realm in native management interface in CLI
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2030?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-2030:
-------------------------------------
Fix Version/s: 3.0.0.Alpha15
(was: 3.0.0.Alpha14)
> sasl-authentication-factory should be valid in combination with security-realm in native management interface in CLI
> --------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2030
> URL: https://issues.jboss.org/browse/WFCORE-2030
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Alpha15
>
>
> I am not able to add native management interface with both {{sasl-authentication-factory}} and {{security-realm}} attributes. According to comments in EAP7-545 Analysis document [1] setting both of them is valid configuration. However CLI consider this combination as invalid (when running server with standalone-elytron.xml):
> {code}
> /core-service=management/management-interface=native-interface:add(sasl-authentication-factory=application-sasl-authentication,security-realm=ApplicationRealm,socket-binding=management-http)
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0105: sasl-authentication-factory is invalid in combination with security-realm",
> "rolled-back" => true
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months
[JBoss JIRA] (WFCORE-2029) It is not possible to set Elytron for native management interface
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2029?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-2029:
-------------------------------------
Fix Version/s: 3.0.0.Alpha15
(was: 3.0.0.Alpha14)
> It is not possible to set Elytron for native management interface
> -----------------------------------------------------------------
>
> Key: WFCORE-2029
> URL: https://issues.jboss.org/browse/WFCORE-2029
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 3.0.0.Alpha15
>
>
> I am not able to correctly configure native management interface to use Elytron.
> I am adding some binding for native interface:
> {code}
> /socket-binding-group=standard-sockets/socket-binding=native:add(port=9999)
> {code}
> And then adding native management interface which uses Elytron sasl-authentication-factory ({{application-sasl-authentication}} is predefined in standalone-elytron.xml):
> {code}
> /core-service=management/management-interface=native-interface:add(sasl-authentication-factory=application-sasl-authentication,socket-binding=native)
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.sasl-authentication-factory"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.server.management is missing [org.wildfly.security.sasl-authentication-factory]"]
> },
> "rolled-back" => true
> }
> {code}
> Following exception occurs in server log:
> {code}
> ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("add") failed - address: ([
> ("core-service" => "management"),
> ("management-interface" => "native-interface")
> ]) - failure description: {
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.sasl-authentication-factory"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.remoting.server.management is missing [org.wildfly.security.sasl-authentication-factory]"]
> }
> INFO [org.jboss.as.controller] (management-handler-thread - 2) WFLYCTL0183: Service status report
> WFLYCTL0184: New missing/unsatisfied dependencies:
> service org.wildfly.security.sasl-authentication-factory (missing) dependents: [service jboss.remoting.server.management]
> {code}
> The same exception is thrown when I am trying to set SSL through Elytron {{ssl-context}} attribute in management native-interface.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 4 months