April 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2658) Elytron, mechanism-names and mechanism-oids allows duplicate values

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2658?page=com.atlassian.jira.plugi... ] Jan Kalina reassigned WFCORE-2658: ---------------------------------- Assignee: Jan Kalina (was: Darran Lofthouse) > Elytron, mechanism-names and mechanism-oids allows duplicate values > ------------------------------------------------------------------- > > Key: WFCORE-2658 > URL: https://issues.jboss.org/browse/WFCORE-2658 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Jan Kalina > Priority: Blocker > > Trying to create kerberos-security-factory specifying KRB5 (1.2.840.113554.1.2.2) mechanism in both mechanism-names and mechanism-oids is succesfull > {code} > [standalone@localhost:9990 /] /subsystem=elytron/kerberos-security-factory=c:add(principal="HTTP/localhost(a)JBOSS.ORG", path="/path/to/keytab", mechanism-names=[KRB5,SPNEGO], mechanism-oids=["1.2.840.113554.1.2.2"]) > {"outcome" => "success"} > {code} > However, later that leads to error {{GSSException: Duplicate element found: 1.2.840.113554.1.2.2 usage: Accept}} > {code:title=server.log} > 07:32:19,873 TRACE [org.wildfly.security] (default task-1) SPNEGO: org.wildfly.security.http.HttpAuthenticationException: ELY05053: [SPNEGO] Callback handler failed for unknown reason > at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:118) > at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) > at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) > at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:97) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.io.IOException: ELY01156: Cannot obtain a credential from a security factory > at org.wildfly.security.credential.source.CredentialSource$4.getCredential(CredentialSource.java:327) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:858) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) > at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:114) > ... 37 more > Caused by: java.security.GeneralSecurityException: GSSException: Duplicate element found: 1.2.840.113554.1.2.2 usage: Accept > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder.createGSSCredential(GSSCredentialSecurityFactory.java:302) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder.lambda$build$0(GSSCredentialSecurityFactory.java:251) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory.create(GSSCredentialSecurityFactory.java:98) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory.create(GSSCredentialSecurityFactory.java:60) > at org.wildfly.security.credential.source.CredentialSource$4.getCredential(CredentialSource.java:325) > ... 41 more > Caused by: GSSException: Duplicate element found: 1.2.840.113554.1.2.2 usage: Accept > at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:419) > at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:77) > at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:160) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder$1.run(GSSCredentialSecurityFactory.java:291) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder$1.run(GSSCredentialSecurityFactory.java:277) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder.createGSSCredential(GSSCredentialSecurityFactory.java:277) > ... 45 more > {code} > mechanism-names and mechanism-oids attributes should be > * either "deduplicated" - that in result each OID mechanism occures at most once > * or validated - that duplicate values are not configured -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2658) Elytron, mechanism-names and mechanism-oids allows duplicate values

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2658?page=com.atlassian.jira.plugi... ] Jan Kalina updated WFCORE-2658: ------------------------------- Priority: Blocker (was: Critical) > Elytron, mechanism-names and mechanism-oids allows duplicate values > ------------------------------------------------------------------- > > Key: WFCORE-2658 > URL: https://issues.jboss.org/browse/WFCORE-2658 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Martin Choma > Assignee: Darran Lofthouse > Priority: Blocker > > Trying to create kerberos-security-factory specifying KRB5 (1.2.840.113554.1.2.2) mechanism in both mechanism-names and mechanism-oids is succesfull > {code} > [standalone@localhost:9990 /] /subsystem=elytron/kerberos-security-factory=c:add(principal="HTTP/localhost(a)JBOSS.ORG", path="/path/to/keytab", mechanism-names=[KRB5,SPNEGO], mechanism-oids=["1.2.840.113554.1.2.2"]) > {"outcome" => "success"} > {code} > However, later that leads to error {{GSSException: Duplicate element found: 1.2.840.113554.1.2.2 usage: Accept}} > {code:title=server.log} > 07:32:19,873 TRACE [org.wildfly.security] (default task-1) SPNEGO: org.wildfly.security.http.HttpAuthenticationException: ELY05053: [SPNEGO] Callback handler failed for unknown reason > at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:118) > at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:115) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115) > at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94) > at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78) > at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:97) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) > at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) > at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) > at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) > at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) > at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) > at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) > at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1704) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:211) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:809) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > Caused by: java.io.IOException: ELY01156: Cannot obtain a credential from a security factory > at org.wildfly.security.credential.source.CredentialSource$4.getCredential(CredentialSource.java:327) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:858) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:730) > at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113) > at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:114) > ... 37 more > Caused by: java.security.GeneralSecurityException: GSSException: Duplicate element found: 1.2.840.113554.1.2.2 usage: Accept > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder.createGSSCredential(GSSCredentialSecurityFactory.java:302) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder.lambda$build$0(GSSCredentialSecurityFactory.java:251) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory.create(GSSCredentialSecurityFactory.java:98) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory.create(GSSCredentialSecurityFactory.java:60) > at org.wildfly.security.credential.source.CredentialSource$4.getCredential(CredentialSource.java:325) > ... 41 more > Caused by: GSSException: Duplicate element found: 1.2.840.113554.1.2.2 usage: Accept > at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:419) > at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:77) > at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:160) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder$1.run(GSSCredentialSecurityFactory.java:291) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder$1.run(GSSCredentialSecurityFactory.java:277) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at org.wildfly.security.auth.util.GSSCredentialSecurityFactory$Builder.createGSSCredential(GSSCredentialSecurityFactory.java:277) > ... 45 more > {code} > mechanism-names and mechanism-oids attributes should be > * either "deduplicated" - that in result each OID mechanism occures at most once > * or validated - that duplicate values are not configured -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1093) CS tool, When we try to find out if alias exists in non-existent credential store storage file then we get success message.

by Hynek Švábek (JIRA)

Hynek Švábek created ELY-1093: --------------------------------- Summary: CS tool, When we try to find out if alias exists in non-existent credential store storage file then we get success message. Key: ELY-1093 URL: https://issues.jboss.org/browse/ELY-1093 Project: WildFly Elytron Issue Type: Bug Reporter: Hynek Švábek Assignee: Darran Lofthouse When we try to find out if alias exists in non-existent credential store storage file then we get success message. There is expected error message rather then success with information that Alias does not exist. *How to reproduce:* {code} java -jar wildfly-elytron-tool.jar credential-store --exists secret_alias --password pass1234 --uri "cr-store:///tmp/non-existent-file.jceks?modifiable=true;create=true;keyStoreType=JCEKS" Alias "secret_alias" does not exist {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1092) CS tool, There is success message when we try to list aliases from non-existent storage file.

by Hynek Švábek (JIRA)

[ https://issues.jboss.org/browse/ELY-1092?page=com.atlassian.jira.plugin.s... ] Hynek Švábek updated ELY-1092: ------------------------------ Component/s: Credential Store > CS tool, There is success message when we try to list aliases from non-existent storage file. > --------------------------------------------------------------------------------------------- > > Key: ELY-1092 > URL: https://issues.jboss.org/browse/ELY-1092 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Assignee: Darran Lofthouse > > When we try to list aliases in non-existent credential store storage file then we get success message. > There is expected error message. > *How to reproduce:* > {code} > java -jar wildfly-elytron-tool.jar credential-store --aliases secret_alias --password pass123 --uri "cr-store:///tmp/non-existent-file.jceks?modifiable=true;create=true;keyStoreType=JCEKS" > Credential store contains following aliases: > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (ELY-1092) CS tool, There is success message when we try to list aliases from non-existent storage file.

by Hynek Švábek (JIRA)

Hynek Švábek created ELY-1092: --------------------------------- Summary: CS tool, There is success message when we try to list aliases from non-existent storage file. Key: ELY-1092 URL: https://issues.jboss.org/browse/ELY-1092 Project: WildFly Elytron Issue Type: Bug Reporter: Hynek Švábek Assignee: Darran Lofthouse When we try to list aliases in non-existent credential store storage file then we get success message. There is expected error message. *How to reproduce:* {code} java -jar wildfly-elytron-tool.jar credential-store --aliases secret_alias --password pass123 --uri "cr-store:///tmp/non-existent-file.jceks?modifiable=true;create=true;keyStoreType=JCEKS" Credential store contains following aliases: {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFLY-8599) Create test cases for Elytron Role Mappers

by Ondrej Lukas (JIRA)

[ https://issues.jboss.org/browse/WFLY-8599?page=com.atlassian.jira.plugin.... ] Ondrej Lukas reassigned WFLY-8599: ---------------------------------- Assignee: Ondrej Lukas > Create test cases for Elytron Role Mappers > ------------------------------------------ > > Key: WFLY-8599 > URL: https://issues.jboss.org/browse/WFLY-8599 > Project: WildFly > Issue Type: Bug > Components: Test Suite > Reporter: Ondrej Lukas > Assignee: Ondrej Lukas > > Create test cases for following Elytron Role Mappers: > * constant-role-mapper > * add-prefix-role-mapper > * add-suffix-role-mapper > * logical-role-mapper > * aggregate-role-mapper -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFLY-8599) Create test cases for Elytron Role Mappers

by Ondrej Lukas (JIRA)

Ondrej Lukas created WFLY-8599: ---------------------------------- Summary: Create test cases for Elytron Role Mappers Key: WFLY-8599 URL: https://issues.jboss.org/browse/WFLY-8599 Project: WildFly Issue Type: Bug Components: Test Suite Reporter: Ondrej Lukas Create test cases for following Elytron Role Mappers: * constant-role-mapper * add-prefix-role-mapper * add-suffix-role-mapper * logical-role-mapper * aggregate-role-mapper -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFLY-8598) Upgrade Narayana to 5.5.7.Final

by Ondra Chaloupka (JIRA)

[ https://issues.jboss.org/browse/WFLY-8598?page=com.atlassian.jira.plugin.... ] Ondra Chaloupka moved JBEAP-10427 to WFLY-8598: ----------------------------------------------- Project: WildFly (was: JBoss Enterprise Application Platform) Key: WFLY-8598 (was: JBEAP-10427) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Transactions (was: Transactions) > Upgrade Narayana to 5.5.7.Final > ------------------------------- > > Key: WFLY-8598 > URL: https://issues.jboss.org/browse/WFLY-8598 > Project: WildFly > Issue Type: Component Upgrade > Components: Transactions > Reporter: Ondra Chaloupka > Assignee: Tom Jenkinson > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2671) CLI Opertation 'load' for Elytron key-store does not correctly re-read keystore

by Jan Kalina (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2671?page=com.atlassian.jira.plugi... ] Jan Kalina reassigned WFCORE-2671: ---------------------------------- Assignee: Jan Kalina (was: Darran Lofthouse) > CLI Opertation 'load' for Elytron key-store does not correctly re-read keystore > ------------------------------------------------------------------------------- > > Key: WFCORE-2671 > URL: https://issues.jboss.org/browse/WFCORE-2671 > Project: WildFly Core > Issue Type: Bug > Components: Security > Reporter: Ondrej Lukas > Assignee: Jan Kalina > Priority: Blocker > > When keystore (or cerficate in keystore) is changed during server runtime then CLI opertation {{load}} can be used for {{/subsystem=elytron/key-store=...}} to re-reading this keystore in server. However after calling this operation server still works with original keystore/certificate. Then CLI reads current keystore correctly, but in case when ssl-context which uses that key-store is used then original keystore is still used by server. Reload of server is required to correctly re-read the new keystore. See Steps to Reproduce for more details. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

[JBoss JIRA] (WFCORE-2689) Elytron, unable to use elytron ssl-context in server to host controller communication

by Martin Choma (JIRA)

Martin Choma created WFCORE-2689: ------------------------------------ Summary: Elytron, unable to use elytron ssl-context in server to host controller communication Key: WFCORE-2689 URL: https://issues.jboss.org/browse/WFCORE-2689 Project: WildFly Core Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Priority: Blocker In legacy there is possible to configure ssl context for the connection from the application server back to it's host controller in domain mode. This legacy configuration was added based on JBEAP-2514. I don't see Elytron alternative, such it would be possible to configure Elytron client ssl context. I have verified it is still possible to successfully configure domain mode in FIPS mode mixing 2 approaches: * Elytron for controller to controller communication * Legacy for server to controller communication. {code:title=wildfly-config_5_0.xsd} <xs:complexType name="serverType"> <xs:all> <xs:element name="paths" type="specified-pathsType" minOccurs="0" maxOccurs="1" /> <xs:element name="interfaces" type="specified-interfacesType" minOccurs="0"/> <xs:element name="socket-bindings" type="server-socket-bindingsType" minOccurs="0"/>  <xs:element name="system-properties" type="properties-with-boottime" minOccurs="0"/> <xs:element name="jvm" minOccurs="0" type="serverJvmType"/> <xs:element name="ssl" minOccurs="0" type="server-sslType"> <xs:annotation> <xs:documentation> Configuration of the SSLContext used for the connection from the application server back to it's host controller. </xs:documentation> </xs:annotation> </xs:element> </xs:all> <xs:attribute name="name" type="xs:string" use="required"/> <xs:attribute name="group" type="xs:string" use="required"/> <xs:attribute name="auto-start" type="xs:boolean" default="true"/> <xs:attribute name="update-auto-start-with-server-status" type="xs:boolean" default="false"> <xs:annotation> <xs:documentation> Iif the server last status (STARTED or STOPPED) is to be used to define the value of auto-start. </xs:documentation> </xs:annotation> </xs:attribute> </xs:complexType> {code} I found issue now as: * RFE was switched into Verificaiton TODO in DR16 * There existed and still exists couple of related issues (JBEAP-8147, JBEAP-10060, JBEAP-9630) which hint this area is not working properly, so focus was on another areas. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira April 2017