[JBoss JIRA] (WFCORE-2376) There isn't possibility disable create CS file from scratch
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2376?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7920 to WFCORE-2376:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2376 (was: WFLY-7920)
Component/s: Security
(was: Security)
> There isn't possibility disable create CS file from scratch
> -----------------------------------------------------------
>
> Key: WFCORE-2376
> URL: https://issues.jboss.org/browse/WFCORE-2376
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
> Priority: Blocker
>
> There isn't possibility to disable create CS file from scratch.
> Earlier we were able to set create.storage to true/false.
> I can see problem in this scenario:
> * I want to create new CS with path to existing CS file
> * I fill wrong path
> * Everything pass
> But I want to use my CS file, not to create new one.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2377) Elytron, Unable to authenticate with SPNEGO on IBM java if obtain-kerberos-ticket = true
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2377?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8295 to WFCORE-2377:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2377 (was: WFLY-8295)
Component/s: Security
(was: Security)
> Elytron, Unable to authenticate with SPNEGO on IBM java if obtain-kerberos-ticket = true
> ----------------------------------------------------------------------------------------
>
> Key: WFCORE-2377
> URL: https://issues.jboss.org/browse/WFCORE-2377
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: ibm-java, kerberos
>
> On IBM java when obtain-kerberos-ticket is set to true user always get
> {code}
> javax.security.auth.login.LoginException: Bad JAAS configuration: credsType and keytab values are not compatible
> {code}
> According to ibm documentation [1] credsType=initiator and useKeytab are really incompatible.
> This constraint can't be avoided once obtain-kerberos-ticket = true, because keytab path is required in model.
> {code}
> "path" => {
> "type" => STRING,
> "description" => "The path of the KeyTab to load to obtain the credential.",
> "attribute-group" => "file",
> "expressions-allowed" => true,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> },
> {code}
> And keytab is always set into Kerberos login module options
> {code:title=GSSCredentialSecurityFactory.java}
> if (IS_IBM) {
> options.put("noAddress", "true");
> options.put("credsType", (isServer && !obtainKerberosTicket) ? "acceptor" : "initiator");
> options.put("useKeytab", keyTab.toURI().toURL().toString());
> }
> {code}
> [1] https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.sec...
> I am not setting to blocker just because I am not sure about importance of obtain-kerberos-ticket. See my question JBEAP-9292.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2374) Elytron deployment depends on org.jboss.security.negotiation
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2374?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7348 to WFCORE-2374:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2374 (was: WFLY-7348)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron deployment depends on org.jboss.security.negotiation
> ------------------------------------------------------------
>
> Key: WFCORE-2374
> URL: https://issues.jboss.org/browse/WFCORE-2374
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
>
> Based on wildfly documentation deployment which is secured by SPNEGO have to depend on {{org.jboss.security.negotiation}} module
> Such configuration leads to WARN message beeing logged into server log
> {code}
> 08:35:05,388 WARN [org.jboss.as.dependency.private] (MSC service thread 1-8) WFLYSRV0018: Deployment "deployment.secured-webapp.war" is using a private module ("org.jboss.security.negotiation:main") which may be changed or removed in future versions without notice.
> {code}
> [1] https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2369) Incorrect class loader is used for loading custom Initial context factory in Elytron dir-context
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2369?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8265 to WFCORE-2369:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2369 (was: WFLY-8265)
Component/s: Security
(was: Security)
> Incorrect class loader is used for loading custom Initial context factory in Elytron dir-context
> ------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2369
> URL: https://issues.jboss.org/browse/WFCORE-2369
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Bartosz Baranowski
> Priority: Critical
>
> Quoting from [1]:
> {quote}
> DEBUG [org.wildfly.security] (default task-1) Could not create [class javax.naming.ldap.InitialLdapContext]. Failed to connect to LDAP server.: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory "com.sun.jndi.ldap.LdapCtxFactory" from classloader ModuleClassLoader for Module "deployment.print-roles.war" from Service Module Loader [Root exception is java.lang.ClassNotFoundException: "com.sun.jndi.ldap.LdapCtxFactory" from [Module "deployment.print-roles.war" from Service Module Loader]]
> at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:120)
> at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
> We can see from the stack trace the deployments class loader is being used.
> I think by default the ClassLoader of the subsystem should be used i.e. that will have the common dependencies. However we may want to also add a module attribute so an alternative module can be specified for when creating the InitialDirContext.
> {quote}
> [1] https://issues.jboss.org/browse/JBEAP-8025?focusedCommentId=13370291&page...
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2371) Unable to create custom credentail security factory
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2371?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-8151 to WFCORE-2371:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2371 (was: WFLY-8151)
Component/s: Security
(was: Security)
> Unable to create custom credentail security factory
> ---------------------------------------------------
>
> Key: WFCORE-2371
> URL: https://issues.jboss.org/browse/WFCORE-2371
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Dmitrii Tikhomirov
> Priority: Blocker
>
> When I try to register custom credential security factory I get {{NoClassDefFoundError}}
> {code}
> 06:54:49,166 WARN [org.jboss.modules] (MSC service thread 1-4) Failed to define class org.wildfly.extras.creaper.commands.elytron.credfactory.AddCustomCredentialSecurityFactoryImpl in Module "org.jboss.customcredsecfacimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base)): java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/credfactory/AddCustomCredentialSecurityFactoryImpl (Module "org.jboss.customcredsecfacimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/CredentialSecurityFactory
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 06:54:49,167 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-4) MSC000001: Failed to start service org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory: org.jboss.msc.service.StartException in service org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory: Failed to start service
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/credfactory/AddCustomCredentialSecurityFactoryImpl (Module "org.jboss.customcredsecfacimpl" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/CredentialSecurityFactory
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:448)
> at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:276)
> at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:79)
> at org.jboss.modules.Module.loadModuleClass(Module.java:708)
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:192)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:412)
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:400)
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.createValue(CustomComponentDefinition.java:156)
> at org.wildfly.extension.elytron.CustomComponentDefinition$ComponentAddHandler.lambda$performRuntime$1(CustomComponentDefinition.java:135)
> at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> ... 3 more
> 06:54:49,168 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("custom-credential-security-factory" => "CreaperTestAddCustomCredentialSecurityFactory")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory" => "org.jboss.msc.service.StartException in service org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory: Failed to start service
> Caused by: java.lang.NoClassDefFoundError: Failed to link org/wildfly/extras/creaper/commands/elytron/credfactory/AddCustomCredentialSecurityFactoryImpl (Module \"org.jboss.customcredsecfacimpl\" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules,/home/mchoma/workspace/eap-versions/7.1.0.DR12/jboss-eap-7.1/modules/system/layers/base))): org/wildfly/extension/elytron/capabilities/CredentialSecurityFactory"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-factory.credential.CreaperTestAddCustomCredentialSecurityFactory"]
> }
> {code}
> That works in DR11 without issue
> Here is implementation of custom credential security factory
> {code:java|title=AddCustomCredentialSecurityFactoryImpl.java}
> package org.wildfly.extras.creaper.commands.elytron.credfactory;
> import java.security.GeneralSecurityException;
> import java.util.Map;
> import org.wildfly.extension.elytron.Configurable;
> import org.wildfly.extension.elytron.capabilities.CredentialSecurityFactory;
> import org.wildfly.security.credential.Credential;
> public class AddCustomCredentialSecurityFactoryImpl<T> implements CredentialSecurityFactory, Configurable {
> @Override
> public Credential create() throws GeneralSecurityException {
> return null;
> }
> @Override
> public void initialize(Map<String, String> configuration) {
> if (configuration.containsKey("throwException")) {
> throw new IllegalStateException("Only test purpose. This exception was thrown on demand.");
> }
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2373) Elytron DIGEST misconfiguration not handled
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2373?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7700 to WFCORE-2373:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2373 (was: WFLY-7700)
Component/s: Security
(was: Security)
> Elytron DIGEST misconfiguration not handled
> -------------------------------------------
>
> Key: WFCORE-2373
> URL: https://issues.jboss.org/browse/WFCORE-2373
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Priority: Critical
> Labels: user_experience
>
> When realm name from web.xml and server configuration differs, user is not informed about that fact.
> Could misconfiguration be handled by failing during application deployment as application requirement could not be satisfied?
> {code:title=web.xml}
> <login-config>
> <auth-method>DIGEST</auth-method>
> <realm-name>Secured kingdom</realm-name>
> </login-config>
> {code}
> {code:title=standalone-elytron.xml}
> <http-authentication-factory name="application-http-authentication" http-server-mechanism-factory="global" security-domain="ApplicationDomain">
> <mechanism-configuration>
> <mechanism mechanism-name="DIGEST">
> <mechanism-realm realm-name="ApplicationRealm"/>
> </mechanism>
> </mechanism-configuration>
> </http-authentication-factory>
> {code}
> {code:title=server.log}
> 17:06:18,278 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback
> 17:06:18,282 TRACE [org.wildfly.security] (default task-1) New nonce generated AAAAAQAAGoxim7G7FMLLnVddA7s69JDh5sRsiZ5aEDhg7qf+dB2Rjs7xwrg=, using seed Secured kingdom
> 17:06:22,308 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback
> 17:06:22,311 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling AvailableRealmsCallback: realms = [Application Realm]
> 17:06:22,312 TRACE [org.wildfly.security] (default task-2) Handling RealmCallback: selected = [Secured kingdom]
> 17:06:22,314 TRACE [org.wildfly.security] (default task-2) New nonce generated AAAAAgAAGo1TCzTJDpmA8HsI2fS4ZfJ60KbECZU6edCP9UepmGnyV93iP6c=, using seed Secured kingdom
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2372) filesystem-realm/identity fail-description message should contain new name of resource when name-rewriter is used and exception is related with it.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2372?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7535 to WFCORE-2372:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2372 (was: WFLY-7535)
Component/s: Security
(was: Security)
> filesystem-realm/identity fail-description message should contain new name of resource when name-rewriter is used and exception is related with it.
> ---------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2372
> URL: https://issues.jboss.org/browse/WFCORE-2372
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
>
> Fail-description message should contain new name of resource when name-rewriter is used and exception is related with it.
> *Scenario*
> I want to create "identity" for Elytron filesystem-realm with constant-name-rewriter (or others *-name-rewriter(s) with same behaviour).
> I am not able create more then one identity (because name is rewriten to same name).
> It is right behaviour but fail-description contains confusing message with OLD resource name.
> *Steps to reproduce*
> * /subsystem=elytron/constant-name-rewriter=constantNR001:add(constant=constantName)
> * /subsystem=elytron/filesystem-realm=fsRealm123:add(path=fs123, relative-to=jboss.server.config.dir,levels=1, name-rewriter=constantNR001)
> * /subsystem=elytron/filesystem-realm=fsRealm123/identity=identity001:add()
> I want add second identity with name "identity002" which is rewriten to *constantName*. I expect fail because the identity with *constantName* exists.
> /subsystem=elytron/filesystem-realm=fsRealm123/identity=identity002:add()
> {code}
> {
> "outcome" => "failed",
> "failure-description" => "WFLYELY01000: Identity with name [identity002] already exists.",
> "rolled-back" => true
> }
> {code}
> *Suggestion for solution*
> Message should contain some information about *constantName* at least. Information about nameRewriter will be also fine.
> e.g. "WFLYELY01000: Identity with name [identity002] which was rewritten to [constantName] already exists. Name-rewriter was used."
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2366) Complex type jdbc-realm in Elytron subsystem
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2366?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7174 to WFCORE-2366:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2366 (was: WFLY-7174)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Complex type jdbc-realm in Elytron subsystem
> --------------------------------------------
>
> Key: WFCORE-2366
> URL: https://issues.jboss.org/browse/WFCORE-2366
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 4.0.0.Alpha1
>
>
> Elytron subsystem uses complex type in jdbc-realm resource which is difficult to use and can result to bad user experience, see description of JBEAP-6100 for more details.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months
[JBoss JIRA] (WFCORE-2367) Misleading description of identity-realm
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2367?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7669 to WFCORE-2367:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2367 (was: WFLY-7669)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Misleading description of identity-realm
> ----------------------------------------
>
> Key: WFCORE-2367
> URL: https://issues.jboss.org/browse/WFCORE-2367
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Tymel
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> There is a misleading description of {{identity-realm}} in DMR [1]. It says _"A security realm definition where identities are represented in the management model."_ whereas an XSD documentation says _"Realm definition for a realm which contains a single pre-defined identity."_.
> In general, the XSD description looks clearer to me. Moreover, the {{identities}} word may be misleading since {{identity-realm}}'s purpose is to _"to store one identity, with one attribute and no credential"_ [3]. Thus I would suggest to also change the description of {{attribute-values}} from
> _"The values associated with the identities attribute."_ to something like _"The values associated with the identity attributes."_
> Suggestions for improvement:
> * Change description {{identity-realm}} according to XSD
> * Change description of {{attribute-values}} attr (in both DMR and XSD)
> * to consider: unify descriptions in XSD and DMR
> [1] /subsystem=elytron/identity-realm=somerealm:read-resource-description
> [2] https://github.com/wildfly-security/elytron-subsystem/blob/master/src/mai...
> [3] HipChats's WildFly Elytron chat room on Nov 21
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years, 8 months