[JBoss JIRA] (WFLY-8193) Incorrect realm for DIGEST-MD5 when Elytron SASL global factory is directly used
by Ondrej Lukas (JIRA)
Ondrej Lukas created WFLY-8193:
----------------------------------
Summary: Incorrect realm for DIGEST-MD5 when Elytron SASL global factory is directly used
Key: WFLY-8193
URL: https://issues.jboss.org/browse/WFLY-8193
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Blocker
When a sasl-authentication-factory that directly uses sasl-server-factory="global" is used for authentication with the DIGEST-MD5 mechanism, authentication fails. It is caused by an incorrectly passed realm name used for authentication. See Steps to Reproduce for more details.
The following is used for creating the DIGEST-MD5 authentication response (realm "localhost" is not the correct realm):
{code}
charset=utf-8,username="user1",realm="localhost",nonce="N7K8/KwSm/p8dxOK2LgcCBDPrhva3ILhHLQ4qWXO",nc=00000001,cnonce="MVJ6zYGtLDjffNPgt+l7OKXq62o1vu/QkPooB1EyCBxK6JiG",digest-uri="remote/localhost",maxbuf=65536,response=3acb12f0e1f42edc48e13cac8e77ae2e,qop=auth
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 2 months
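The realm is hashed into the DIGEST-MD5 response, so a response built with one realm cannot verify against a credential looked up under another. The following added example (not part of the original report and not Elytron code) parses the fields quoted above and computes the RFC 2831 response value for qop=auth; the password `password1` and the realm name `ExampleRealm` are constructed assumptions, since the report gives neither.

```python
import hashlib
import hmac
import re

# Fields copied from the report; the password behind its response value is unknown.
SAMPLE = ('charset=utf-8,username="user1",realm="localhost",'
          'nonce="N7K8/KwSm/p8dxOK2LgcCBDPrhva3ILhHLQ4qWXO",nc=00000001,'
          'cnonce="MVJ6zYGtLDjffNPgt+l7OKXq62o1vu/QkPooB1EyCBxK6JiG",'
          'digest-uri="remote/localhost",maxbuf=65536,'
          'response=3acb12f0e1f42edc48e13cac8e77ae2e,qop=auth')


def parse_digest_response(text):
    """Split a digest-response into a dict, handling quoted and bare values."""
    pairs = re.findall(r'([a-z-]+)=(?:"([^"]*)"|([^,]*))', text)
    return {key: quoted or bare for key, quoted, bare in pairs}


def compute_response(fields, password, realm=None):
    """RFC 2831 response value for qop=auth with no authzid.

    ASCII input is assumed, so the charset choice does not alter the bytes.
    """
    realm = fields["realm"] if realm is None else realm
    secret = hashlib.md5(f"{fields['username']}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{fields['nonce']}:{fields['cnonce']}".encode()
    a2 = f"AUTHENTICATE:{fields['digest-uri']}".encode()
    kd = ":".join([hashlib.md5(a1).hexdigest(), fields["nonce"], fields["nc"],
                   fields["cnonce"], fields["qop"], hashlib.md5(a2).hexdigest()])
    return hashlib.md5(kd.encode()).hexdigest()


def server_accepts(fields, password, server_realm):
    """Verify the received response against the realm the server expects."""
    expected = compute_response(fields, password, realm=server_realm)
    return hmac.compare_digest(expected, fields["response"])


if __name__ == "__main__":
    fields = parse_digest_response(SAMPLE)
    # Constructed: a client that hashed with the realm sent on the wire.
    fields["response"] = compute_response(fields, "password1")
    print("same realm accepted: ", server_accepts(fields, "password1", "localhost"))
    print("other realm accepted:", server_accepts(fields, "password1", "ExampleRealm"))
```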
[JBoss JIRA] (WFCORE-2316) Introduce credential-store.sh
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2316?page=com.atlassian.jira.plugi... ]
Darran Lofthouse commented on WFCORE-2316:
------------------------------------------
Not convinced we need one but if a script was added it would need to be wildfly-elytron-tool.sh and not specific to the credential store.
> Introduce credential-store.sh
> -----------------------------
>
> Key: WFCORE-2316
> URL: https://issues.jboss.org/browse/WFCORE-2316
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: credential-store, user_experience
>
> Currently there is just delivered wildfly-elytron-tool.jar in {{$EAP_HOME/bin}} folder. I think for convenience it would be better if it will contain also credential-store.sh script, although now it will be just java -jar wildfly-elytron-tool.jar credential-store
> - It saves space on command line
> - It is analogous to vault.sh - so obvious when looking for credential store tool
> - With such script we gain customization point for credential store. As wildfly-elytron-tool.jar will expand, it is possible some credential-store customization for starting tool will be necessary
> - Once wildfly elytron tool will be exposed with modules, script can be updated to start with modules with no change for user
[JBoss JIRA] (WFCORE-2316) Introduce credential-store.sh
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2316?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8185 to WFCORE-2316:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2316 (was: WFLY-8185)
Component/s: Security
(was: Security)
> Introduce credential-store.sh
> -----------------------------
>
> Key: WFCORE-2316
> URL: https://issues.jboss.org/browse/WFCORE-2316
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: credential-store, user_experience
>
> Currently there is just delivered wildfly-elytron-tool.jar in {{$EAP_HOME/bin}} folder. I think for convenience it would be better if it will contain also credential-store.sh script, although now it will be just java -jar wildfly-elytron-tool.jar credential-store
> - It saves space on command line
> - It is analogous to vault.sh - so obvious when looking for credential store tool
> - With such script we gain customization point for credential store. As wildfly-elytron-tool.jar will expand, it is possible some credential-store customization for starting tool will be necessary
> - Once wildfly elytron tool will be exposed with modules, script can be updated to start with modules with no change for user
[JBoss JIRA] (WFCORE-2316) Introduce credential-store.sh
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2316?page=com.atlassian.jira.plugi... ]
Darran Lofthouse updated WFCORE-2316:
-------------------------------------
Issue Type: Feature Request (was: Bug)
> Introduce credential-store.sh
> -----------------------------
>
> Key: WFCORE-2316
> URL: https://issues.jboss.org/browse/WFCORE-2316
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: credential-store, user_experience
>
> Currently there is just delivered wildfly-elytron-tool.jar in {{$EAP_HOME/bin}} folder. I think for convenience it would be better if it will contain also credential-store.sh script, although now it will be just java -jar wildfly-elytron-tool.jar credential-store
> - It saves space on command line
> - It is analogous to vault.sh - so obvious when looking for credential store tool
> - With such script we gain customization point for credential store. As wildfly-elytron-tool.jar will expand, it is possible some credential-store customization for starting tool will be necessary
> - Once wildfly elytron tool will be exposed with modules, script can be updated to start with modules with no change for user
[JBoss JIRA] (WFLY-8192) CS tool, Add possibility to produce masked password
by Martin Choma (JIRA)
Martin Choma created WFLY-8192:
----------------------------------
Summary: CS tool, Add possibility to produce masked password
Key: WFLY-8192
URL: https://issues.jboss.org/browse/WFLY-8192
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
This JIRA requests a specialized feature (option) for getting the masked string.
Currently you can get the value of the masked password, but only as a side effect of adding an alias to the credential store, and the --summary parameter has to be used.
{code}
java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --salt 12345678 --iteration 230 --summary
Alias "myalias" has been successfully stored
Credential store command summary:
--------------------------------------
/subsystem=elytron/credential-store=test:add(uri="cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230"})
{code}
And in the output, the masked string {{MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230}} is hidden.
[JBoss JIRA] (WFLY-8192) CS tool, Add possibility to produce masked password
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-8192?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-8192:
-------------------------------
Labels: credential-store user_experience (was: credential-store)
> CS tool, Add possibility to produce masked password
> ---------------------------------------------------
>
> Key: WFLY-8192
> URL: https://issues.jboss.org/browse/WFLY-8192
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Labels: credential-store, user_experience
>
> This JIRA requests a specialized feature (option) for getting the masked string.
> Currently you can get the value of the masked password, but only as a side effect of adding an alias to the credential store, and the --summary parameter has to be used.
> {code}
> java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret supersecretpassword --location="test.store" --uri "cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS" --password mycspassword --salt 12345678 --iteration 230 --summary
> Alias "myalias" has been successfully stored
> Credential store command summary:
> --------------------------------------
> /subsystem=elytron/credential-store=test:add(uri="cr-store://test?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230"})
> {code}
> And in the output, the masked string {{MASK-uNWeyrmbByBEjgZM1FAPQW==;12345678;230}} is hidden.
[JBoss JIRA] (WFLY-8191) CS tool, review usage documentation
by Martin Choma (JIRA)
Martin Choma created WFLY-8191:
----------------------------------
Summary: CS tool, review usage documentation
Key: WFLY-8191
URL: https://issues.jboss.org/browse/WFLY-8191
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
Current usage output
{code}
usage: java -jar wildfly-elytron-tool.jar credential-store <sub-command>
<options> -a <arg> | -e <arg> | -h | -r <arg> | -v [-c] [-f] [-i
<arg>] [-l <arg>] [-p <arg>] [-s <arg>] [-t <arg>] [-u <arg>] [-x
<arg>]
-a,--add <arg> Add new alias to the credential store
-c,--create Create credential store [true/false]
-e,--exists <arg> Check if alias exists within the credential store
-f,--summary Print summary, especially command how to create
this credential store
-h,--help Get help with usage of this command
-i,--iteration <arg> Iteration count for for final masked password of
the credential store
-l,--location <arg> Location of credential store storage file
-p,--password <arg> Password for credential store
-r,--remove <arg> Remove alias from the credential store
-s,--salt <arg> Salt to apply for final masked password of the
credential store
-t,--type <arg> Credential store type
-u,--uri <arg> Configuration URI for credential store
-v,--aliases Display all aliases
-x,--secret <arg> Password credential value
{code}
IMO it suffers from these issues:
- it introduces a misleading <sub-command> placeholder. It is not used now. It is prepared for future needs. Remove it please.
- it is not obvious which options are required in conjunction with e.g. the --add option
- use GNU usage syntax. e.g. [] instead of <>
- sometimes it will be more useful to replace <arg> with some meaningful name, e.g. --add alias
I suggest something like
{code}
java -jar wildfly-elytron-tool.jar credential-store required_option [options]
java -jar wildfly-elytron-tool.jar credential-store --add alias -u arg ... [-c] ...
java -jar wildfly-elytron-tool.jar credential-store --remove alias -u arg [-c] ...
...
One of these is required
-a,--add alias Add new alias to the credential store
-e,--exists alias Check if alias exists within the credential store
-h,--help Get help with usage of this command
-r,--remove alias Remove alias from the credential store
-v,--aliases Display all aliases
Options
-c,--create Create credential store [true/false]
-f,--summary Print summary, especially command how to create this credential store
-i,--iteration count Iteration count for for final masked password of the credential store
-l,--location file Location of credential store storage file
-p,--password store_password Password for credential store
-s,--salt arg Salt to apply for final masked password of the credential store
-t,--type arg Credential store type
-u,--uri arg Configuration URI for credential store
-x,--secret value Password credential value
{code}
[JBoss JIRA] (WFLY-8141) CachedConnectionManager add operation excepts no parameters anymore
by Martin Simka (JIRA)
[ https://issues.jboss.org/browse/WFLY-8141?page=com.atlassian.jira.plugin.... ]
Martin Simka commented on WFLY-8141:
------------------------------------
[~brian.stansberry] I'm missing {{:add(install="true")}} in the requirements above. Shouldn't it be there? Removing it was an incompatible change, as this JIRA shows.
> CachedConnectionManager add operation excepts no parameters anymore
> -------------------------------------------------------------------
>
> Key: WFLY-8141
> URL: https://issues.jboss.org/browse/WFLY-8141
> Project: WildFly
> Issue Type: Bug
> Components: Domain Management, JCA
> Affects Versions: 11.0.0.Alpha1
> Reporter: Tomaz Cerar
> Assignee: Brian Stansberry
> Priority: Critical
>
> The fix for WFLY-2640 broke the :add operation for cached-connection-manager
> scripts that do
> {noformat}
> /profile=default-web/subsystem=jca/cached-connection-manager=cached-connection-manager:add(install="true")
> {noformat}
> {noformat}
> /subsystem=jca/cached-connection-manager=cached-connection-manager:add(install="true")
> {noformat}
> now fail with
> {{Operation 'add' does not expect any property.}}
> This breaks our quickstarts