[JBoss JIRA] (WFCORE-2164) User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2164?page=com.atlassian.jira.plugi... ]
Darran Lofthouse resolved WFCORE-2164.
--------------------------------------
Resolution: Rejected
This is the expected behaviour.
> User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2164
> URL: https://issues.jboss.org/browse/WFCORE-2164
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Alpha18
>
>
> When both {{identity}} and a legacy {{security-realm}} are configured in {{management}}, use of the legacy solution for management authentication always results in an anonymous user identity. When only legacy authentication is used for authentication, it should not be affected by the management identity.
> This issue strongly affects the scenario where one of the management interfaces uses Elytron and another uses the legacy solution. The identity will always be set to anonymous for the legacy solution.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2164) User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2164?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7640 to WFCORE-2164:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2164 (was: WFLY-7640)
Component/s: Security (was: Security)
Affects Version/s: (was: 11.0.0.Alpha1)
> User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2164
> URL: https://issues.jboss.org/browse/WFCORE-2164
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Alpha18
>
>
> When both {{identity}} and a legacy {{security-realm}} are configured in {{management}}, use of the legacy solution for management authentication always results in an anonymous user identity. When only legacy authentication is used for authentication, it should not be affected by the management identity.
> This issue strongly affects the scenario where one of the management interfaces uses Elytron and another uses the legacy solution. The identity will always be set to anonymous for the legacy solution.
[JBoss JIRA] (WFCORE-2164) User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2164?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2164:
-------------------------------------
Fix Version/s: 3.0.0.Alpha18
> User identity is always set to anonymous for legacy security-realm authentication when identity is configured in management
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2164
> URL: https://issues.jboss.org/browse/WFCORE-2164
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Alpha18
>
>
> When both {{identity}} and a legacy {{security-realm}} are configured in {{management}}, use of the legacy solution for management authentication always results in an anonymous user identity. When only legacy authentication is used for authentication, it should not be affected by the management identity.
> This issue strongly affects the scenario where one of the management interfaces uses Elytron and another uses the legacy solution. The identity will always be set to anonymous for the legacy solution.
[JBoss JIRA] (WFCORE-2163) Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2163?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2163:
-------------------------------------
Fix Version/s: 3.0.0.Alpha18
> Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface
> ---------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2163
> URL: https://issues.jboss.org/browse/WFCORE-2163
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 3.0.0.Alpha18
>
>
> When a legacy security-realm for SSL is used together with Elytron authentication in the HTTP management interface, the server does not start.
> I am using the following configuration for the HTTP management interface (see Steps to Reproduce for more details):
> {code}
> <http-interface http-authentication-factory="management-http-authentication" security-realm="ManagementRealmHTTPS">
>     <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
>     <socket-binding http="management-http" https="management-https"/>
> </http-interface>
> {code}
> The server does not start and the following errors occur in the log:
> {code}
> ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
> at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:330)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided.
> at org.jboss.as.domain.http.server.ManagementHttpServer.getSSLContext(ManagementHttpServer.java:225)
> at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:254)
> at org.jboss.as.domain.http.server.ManagementHttpServer.access$2400(ManagementHttpServer.java:107)
> at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:589)
> at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:292)
> ... 5 more
> {code}
> and
> {code}
> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("core-service" => "management"),
> ("management-interface" => "http-interface")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
> Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> }
> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("core-service" => "management"),
> ("management-interface" => "http-interface")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
> Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> }
> {code}
> According to comments in the EAP7-545 Analysis document [1], when security-realm and http-authentication-factory are specified but no ssl-context is used, the legacy security-realm should be used for SSL configuration and http-authentication-factory for authentication.
> [1] https://docs.google.com/document/d/1LsS-CGUJSDwGcFUva0g-BF9ZIq0jwx__1e_oJ...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
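
An added example, not part of the original messages and not WildFly code: a small Python audit that reads a `<management>` fragment and reports, for each management interface, where SSL and authentication come from, flagging the combinations described in WFCORE-2163 and WFCORE-2164. The wrapping XML, the `<identity>` element with its `security-domain` value, and the `native-interface` are constructed for illustration; the "https binding" note is an assumption inferred from the WFLYDMHTTP0015 message text.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the http-interface quoted in WFCORE-2163, wrapped in a
# <management> element. The <identity> element, its security-domain value and
# the native-interface are assumptions added to illustrate WFCORE-2164.
SAMPLE = """
<management>
  <identity security-domain="ManagementDomain"/>
  <management-interfaces>
    <native-interface security-realm="ManagementRealm">
      <socket-binding native="management-native"/>
    </native-interface>
    <http-interface http-authentication-factory="management-http-authentication"
                    security-realm="ManagementRealmHTTPS">
      <http-upgrade enabled="true"
                    sasl-authentication-factory="management-sasl-authentication"/>
      <socket-binding http="management-http" https="management-https"/>
    </http-interface>
  </management-interfaces>
</management>
"""

def local(tag):
    """Strip an XML namespace so namespaced configuration files also match."""
    return tag.rsplit("}", 1)[-1]

def audit_management(xml_text):
    """Return (interface, ssl_source, auth_source, notes) per management interface."""
    root = ET.fromstring(xml_text)
    has_identity = any(local(e.tag) == "identity" for e in root.iter())
    report = []
    for el in root.iter():
        name = local(el.tag)
        if name not in ("http-interface", "native-interface"):
            continue
        realm = el.get("security-realm")
        factory = (el.get("http-authentication-factory")
                   or el.get("sasl-authentication-factory"))
        ssl_ctx = el.get("ssl-context")
        wants_https = any(local(c.tag) == "socket-binding" and c.get("https")
                          for c in el)
        # An Elytron attribute takes the role when present, else the legacy realm.
        ssl = "ssl-context" if ssl_ctx else "security-realm" if realm else None
        auth = "elytron-factory" if factory else "security-realm" if realm else None
        notes = []
        if factory and realm and not ssl_ctx:
            notes.append("WFCORE-2163: Elytron authentication with legacy SSL")
        if wants_https and ssl is None:  # assumption, see lead-in
            notes.append("https binding without security-realm or ssl-context")
        if has_identity and auth == "security-realm":
            notes.append("WFCORE-2164: legacy authentication with management identity")
        report.append((name, ssl, auth, notes))
    return report
```
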
[JBoss JIRA] (WFCORE-2163) Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2163?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7641 to WFCORE-2163:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2163 (was: WFLY-7641)
Component/s: Security (was: Security)
Affects Version/s: (was: 11.0.0.Alpha1)
> Server does not start when Elytron authentication + legacy SSL is used in HTTP management interface
> ---------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2163
> URL: https://issues.jboss.org/browse/WFCORE-2163
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
>
> When a legacy security-realm for SSL is used together with Elytron authentication in the HTTP management interface, the server does not start.
> I am using the following configuration for the HTTP management interface (see Steps to Reproduce for more details):
> {code}
> <http-interface http-authentication-factory="management-http-authentication" security-realm="ManagementRealmHTTPS">
>     <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
>     <socket-binding http="management-http" https="management-https"/>
> </http-interface>
> {code}
> The server does not start and the following errors occur in the log:
> {code}
> ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.management.http.extensible: org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
> at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:330)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1963)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1896)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided.
> at org.jboss.as.domain.http.server.ManagementHttpServer.getSSLContext(ManagementHttpServer.java:225)
> at org.jboss.as.domain.http.server.ManagementHttpServer.create(ManagementHttpServer.java:254)
> at org.jboss.as.domain.http.server.ManagementHttpServer.access$2400(ManagementHttpServer.java:107)
> at org.jboss.as.domain.http.server.ManagementHttpServer$Builder.build(ManagementHttpServer.java:589)
> at org.jboss.as.server.mgmt.UndertowHttpManagementService.start(UndertowHttpManagementService.java:292)
> ... 5 more
> {code}
> and
> {code}
> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("core-service" => "management"),
> ("management-interface" => "http-interface")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
> Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> }
> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("core-service" => "management"),
> ("management-interface" => "http-interface")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.management.http.extensible" => "org.jboss.msc.service.StartException in service org.wildfly.management.http.extensible: WFLYSRV0083: Failed to start the http-interface service
> Caused by: java.lang.IllegalStateException: WFLYDMHTTP0015: No SecurityRealm or SSLContext has been provided."},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.management.http.extensible"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> }
> {code}
> According to comments in the EAP7-545 Analysis document [1], when security-realm and http-authentication-factory are specified but no ssl-context is used, the legacy security-realm should be used for SSL configuration and http-authentication-factory for authentication.
> [1] https://docs.google.com/document/d/1LsS-CGUJSDwGcFUva0g-BF9ZIq0jwx__1e_oJ...
[JBoss JIRA] (WFLY-7664) Missing default values in ldap-key-store description in management model.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7664?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7664:
-----------------------------------
Fix Version/s: 11.0.0.Alpha1
> Missing default values in ldap-key-store description in management model.
> -------------------------------------------------------------------------
>
> Key: WFLY-7664
> URL: https://issues.jboss.org/browse/WFLY-7664
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
> Fix For: 11.0.0.Alpha1
>
>
> Some attributes of the Elytron {{ldap-key-store}} resource have a default value defined, but the description of these attributes in the CLI is missing the default values. According to the XSD, the following attributes of {{ldap-key-store}} have a default value assigned:
> * {{search-recursive}} has default value {{true}}
> * {{search-time-limit}} has default value {{10000}}
> * {{filter-alias}} has default value {{(alias-attribute=\{0\})}}
> * {{filter-certificate}} has default value {{(certificate-attribute=\{0\})}}
> * {{filter-iterate}} has default value {{(alias-attribute=*)}}
> * {{alias-attribute}} has default value {{cn}}
> * {{certificate-attribute}} has default value {{usercertificate}}
> * {{certificate-type}} has default value {{X.509}}
> * {{certificate-chain-attribute}} has default value {{userSMIMECertificate}}
> * {{certificate-chain-encoding}} has default value {{PKCS7}}
> * {{key-attribute}} has default value {{userPKCS12}}
> * {{key-type}} has default value {{PKCS12}}
[JBoss JIRA] (WFLY-7664) Missing default values in ldap-key-store description in management model.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7664?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse updated WFLY-7664:
-----------------------------------
Summary: Missing default values in ldap-key-store description in management model. (was: Missing default values in ldap-key-store description in CLI)
> Missing default values in ldap-key-store description in management model.
> -------------------------------------------------------------------------
>
> Key: WFLY-7664
> URL: https://issues.jboss.org/browse/WFLY-7664
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Labels: user_experience
>
> Some attributes of the Elytron {{ldap-key-store}} resource have a default value defined, but the description of these attributes in the CLI is missing the default values. According to the XSD, the following attributes of {{ldap-key-store}} have a default value assigned:
> * {{search-recursive}} has default value {{true}}
> * {{search-time-limit}} has default value {{10000}}
> * {{filter-alias}} has default value {{(alias-attribute=\{0\})}}
> * {{filter-certificate}} has default value {{(certificate-attribute=\{0\})}}
> * {{filter-iterate}} has default value {{(alias-attribute=*)}}
> * {{alias-attribute}} has default value {{cn}}
> * {{certificate-attribute}} has default value {{usercertificate}}
> * {{certificate-type}} has default value {{X.509}}
> * {{certificate-chain-attribute}} has default value {{userSMIMECertificate}}
> * {{certificate-chain-encoding}} has default value {{PKCS7}}
> * {{key-attribute}} has default value {{userPKCS12}}
> * {{key-type}} has default value {{PKCS12}}