March 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2101) Ensure the default configurations used by clients will be compatible with stronger authentication mechanisms

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2101?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2101: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Ensure the default configurations used by clients will be compatible with stronger authentication mechanisms > ------------------------------------------------------------------------------------------------------------ > > Key: WFCORE-2101 > URL: https://issues.jboss.org/browse/WFCORE-2101 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta12 > > > i.e. a later AS release will start to enable mechs like SCRAM, client should work without additional configuration. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2100) Upgrade to WildFly Elytron 1.1.0.Final

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2100?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2100: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Upgrade to WildFly Elytron 1.1.0.Final > -------------------------------------- > > Key: WFCORE-2100 > URL: https://issues.jboss.org/browse/WFCORE-2100 > Project: WildFly Core > Issue Type: Component Upgrade > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta12 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2068) HTTPSConnectionWithCLITestCase and HTTPSManagementInterfaceTestCase Failing Due To Native Protocol Issue

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2068?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2068: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > HTTPSConnectionWithCLITestCase and HTTPSManagementInterfaceTestCase Failing Due To Native Protocol Issue > -------------------------------------------------------------------------------------------------------- > > Key: WFCORE-2068 > URL: https://issues.jboss.org/browse/WFCORE-2068 > Project: WildFly Core > Issue Type: Bug > Components: Remoting, Test Suite > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta12 > > > The listed test case is failing during clean up with the following error: - > {noformat} > java.io.IOException: java.io.IOException: WFLYPRT0054: Channel closed > at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:166) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:135) > at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:59) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135) > at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147) > at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:80) > {noformat} > The stage of the test using HTTP Upgrade over a HTTPS connection appears to be working fine, the issue is with the native management interface used for test clean up. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2438) Legacy Kerberos for management interface returns 500 instead of 401

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2438?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2438: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Legacy Kerberos for management interface returns 500 instead of 401 > ------------------------------------------------------------------- > > Key: WFCORE-2438 > URL: https://issues.jboss.org/browse/WFCORE-2438 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 3.0.0.Beta12 > > > On first access server should response with 401 http code. Subsequent response could be 500, as it express properly server is misconfigured. In EAP 7.0 it was 403, that is not ideal as 403 mean user is authenticated but has not proper roles, which is not true in this case. > Also some ERROR log message would be helpful for administrators to find cause of problem. Now there are just TRACE level messages > {code:title=server.log} > 07:40:04,134 TRACE [org.jboss.as.domain.management.security] (management task-6) No mapping for name 'http/localhost.localdomain' to KeytabService, attempting to use host only match. > 07:40:04,135 TRACE [org.jboss.as.domain.management.security] (management task-6) No mapping for host 'localhost.localdomain' to KeytabService, attempting to use default. > 07:40:04,135 TRACE [org.jboss.as.domain.management.security] (management task-6) No KeytabService available for host 'localhost.localdomain' unable to return SubjectIdentity. > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2386) Legacy Kerberos in management, unable to configure fallback authentication.

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2386?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2386: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Legacy Kerberos in management, unable to configure fallback authentication. > --------------------------------------------------------------------------- > > Key: WFCORE-2386 > URL: https://issues.jboss.org/browse/WFCORE-2386 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > Labels: regression > Fix For: 3.0.0.Beta12 > > > In EAP 7.0 there was possible to configure fallback (e.g. BASIC) authentication, if client does not support SPNEGO authentication. In EAP 7.1 this feature does not work anymore. > In EAP 7.0 server returns multiple chalanges (Negotiate/Basic) and client could choose which he will use. > {code:title=EAP 7.0} > HTTP/1.1 401 Unauthorized > Connection: keep-alive > WWW-Authenticate: Negotiate > WWW-Authenticate: Basic realm="FallBackKerberosRealm" > X-Frame-Options: SAMEORIGIN > Content-Length: 77 > Content-Type: text/html > Date: Mon, 30 Jan 2017 11:02:45 GMT > <html><head><title>Error</title></head><body>401 - Unauthorized</body></html> > {code} > In EAP 7.1 (with same configuration) server returns only one chalange - Negotiate so client not supporting SPNEGO, can't fallback to Basic. > {code:title=EAP 7.1} > HTTP/1.1 401 Unauthorized > Connection: keep-alive > WWW-Authenticate: Negotiate > X-Frame-Options: SAMEORIGIN > Content-Length: 77 > Content-Type: text/html > Date: Mon, 30 Jan 2017 11:01:28 GMT > <html><head><title>Error</title></head><body>401 - Unauthorized</body></html> > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2486) Legacy ldap realm returns 401 if LDAP is unreachable

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2486?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2486: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Legacy ldap realm returns 401 if LDAP is unreachable > ---------------------------------------------------- > > Key: WFCORE-2486 > URL: https://issues.jboss.org/browse/WFCORE-2486 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta12 > > > Contradics JBEAP-8125 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2349) Add RemoteManagementPermission and RemoteJMXPermission checks for remote clients.

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2349?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2349: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Add RemoteManagementPermission and RemoteJMXPermission checks for remote clients. > --------------------------------------------------------------------------------- > > Key: WFCORE-2349 > URL: https://issues.jboss.org/browse/WFCORE-2349 > Project: WildFly Core > Issue Type: Enhancement > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta12 > > > Other services such as EJB and transactions have a Remote*Permission to verify the remote client has the required permission to use that service - this should be repeated for the management related services to control what a remote client can and can not connect to. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2317) Nested attributes are not validated

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2317?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2317: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Nested attributes are not validated > ----------------------------------- > > Key: WFCORE-2317 > URL: https://issues.jboss.org/browse/WFCORE-2317 > Project: WildFly Core > Issue Type: Bug > Components: Domain Management > Affects Versions: 3.0.0.Alpha25 > Reporter: Michal Petrov > Assignee: Michal Petrov > Fix For: 3.0.0.Beta12 > > > Attributes of type Object do not have their inner attributes validated for e.g. "requires" and "alternatives". -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2497) Convert *-authentication-factory resources to be child resources of security-domain

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2497?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2497: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Convert *-authentication-factory resources to be child resources of security-domain > ----------------------------------------------------------------------------------- > > Key: WFCORE-2497 > URL: https://issues.jboss.org/browse/WFCORE-2497 > Project: WildFly Core > Issue Type: Task > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta12 > > > This is a good example of where child resources work. > The authentication factory resources have a mandatory dependency on a single security domain. > The configuration within the factory is related to it's security domain. > There is only a single resource that can provide security domains. > The behaviour of the parent is unaffected by the existence or configuration of the child. > The parent and child manage their own services independently with the child's service depending on the parent's service. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

[JBoss JIRA] (WFCORE-2267) Delete all legacy code from CallbackHandlerService and SubjectSupplemental implementations

by Brian Stansberry (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2267?page=com.atlassian.jira.plugi... ] Brian Stansberry updated WFCORE-2267: ------------------------------------- Fix Version/s: 3.0.0.Beta12 (was: 3.0.0.Beta11) > Delete all legacy code from CallbackHandlerService and SubjectSupplemental implementations > ------------------------------------------------------------------------------------------ > > Key: WFCORE-2267 > URL: https://issues.jboss.org/browse/WFCORE-2267 > Project: WildFly Core > Issue Type: Task > Components: Domain Management, Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 3.0.0.Beta12 > > > Only the Elytron realms are now used. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira March 2017