[JBoss JIRA] (WFCORE-2903) Elytron, remove case-sensitive attribute from security realm configurations
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2903?page=com.atlassian.jira.plugi... ]
Yeray Borges updated WFCORE-2903:
---------------------------------
Summary: Elytron, remove case-sensitive attribute from security realm configurations (was: Elytron, case-sensitive=false attribute making problems for Kerberos)
> Elytron, remove case-sensitive attribute from security realm configurations
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2903
> URL: https://issues.jboss.org/browse/WFCORE-2903
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Priority: Critical
>
> The {{case-sensitive}} attribute with a default value of false, introduced in DR16, is causing problems when using Kerberos authentication.
> {code}
> WFLYELY00918: Invalid user name 'jduke@JBOSS.ORG' because the realm fileSystemRealm only supports lower case alias names
> {code}
> It is common to have an uppercase realm name in Kerberos authentication. The user can work around the issue, but it is really unexpected for it not to work out of the box.
> * case-sensitive = true
> * use principal-transformer 'jduke@JBOSS.ORG' -> 'jduke'
> {code}
> "case-sensitive" => {
> "type" => BOOLEAN,
> "description" => "Case sensitivity of the properties realm. If case insensitive only lower usernames are allowed.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => false,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2906) Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2906?page=com.atlassian.jira.plugi... ]
Hynek Švábek moved WFLY-8876 to WFCORE-2906:
--------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2906 (was: WFLY-8876)
Component/s: Security
(was: Security)
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2906
> URL: https://issues.jboss.org/browse/WFCORE-2906
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Server-identity/secret has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> *There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
> *The user is not able to do something like this:*
> {code}
> /core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=credential-reference, value={clear-text=pass123})
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0105: credential-reference is invalid in combination with value",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/server-identity=secret:undefine-attribute(name=value
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0172: value is required",
> "rolled-back" => true
> }
> {code}
> *resource-description*
> {code:collapse}
> [domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "Configuration of the secret/password-based identity of a server or host controller.",
> "deprecated" => {
> "since" => "1.7.0",
> "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
> },
> "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
> "attributes" => {
> "credential-reference" => {
> "type" => OBJECT,
> "description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["value"],
> "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
> "value-type" => {
> "store" => {
> "type" => STRING,
> "description" => "The name of the credential store holding the alias to credential.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["clear-text"],
> "requires" => ["alias"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "alias" => {
> "type" => STRING,
> "description" => "The alias which denotes stored secret or credential in the store.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "requires" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "type" => {
> "type" => STRING,
> "description" => "The type of credential this reference is denoting.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "clear-text" => {
> "type" => STRING,
> "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "value" => {
> "type" => STRING,
> "description" => "The secret / password - Base64 Encoded.",
> "expressions-allowed" => true,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["credential-reference"],
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }
> {code}
[JBoss JIRA] (WFCORE-2905) Server-identity/secret integration with credential reference is not correct.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2905?page=com.atlassian.jira.plugi... ]
Hynek Švábek moved WFLY-8877 to WFCORE-2905:
--------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2905 (was: WFLY-8877)
Component/s: Security
(was: Security)
> Server-identity/secret integration with credential reference is not correct.
> ----------------------------------------------------------------------------
>
> Key: WFCORE-2905
> URL: https://issues.jboss.org/browse/WFCORE-2905
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Server-identity/secret integration with credential reference is not correct.
> When Server-identity/secret is set to use a password obtained from the credential-store, there is a problem with it.
> I observe that SecretIdentityService expects the password as a constructor argument [1][2], and afterwards the password is resolved from the credential-store. But it fails because the regular password isn't defined and it is used as a method argument [3].
> *Server log*
> {code:collapse}
> [Host Controller] 12:27:48,205 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ManagementRealm.secret: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ManagementRealm.secret: Failed to start service
> [Host Controller]     at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
> [Host Controller]     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> [Host Controller]     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> [Host Controller]     at java.lang.Thread.run(Thread.java:745)
> [Host Controller] Caused by: java.lang.IllegalArgumentException: Last unit does not have enough valid bits
> [Host Controller]     at java.util.Base64$Decoder.decode0(Base64.java:734)
> [Host Controller]     at java.util.Base64$Decoder.decode(Base64.java:526)
> [Host Controller]     at java.util.Base64$Decoder.decode(Base64.java:549)
> [Host Controller]     at org.jboss.as.domain.management.security.SecretIdentityService.start(SecretIdentityService.java:77)
> [Host Controller]     at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
> [Host Controller]     at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
> [Host Controller]     ... 3 more
> {code}
> [1] https://github.com/wildfly/wildfly-core/blob/3.0.0.Beta22/domain-manageme...
> [2] https://github.com/wildfly/wildfly-core/blob/3.0.0.Beta22/domain-manageme...
> [3] https://github.com/wildfly/wildfly-core/blob/3.0.0.Beta22/domain-manageme...
[JBoss JIRA] (WFCORE-2904) management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2904?page=com.atlassian.jira.plugi... ]
Hynek Švábek moved WFLY-8878 to WFCORE-2904:
--------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2904 (was: WFLY-8878)
Component/s: Security
(was: Security)
> management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2904
> URL: https://issues.jboss.org/browse/WFCORE-2904
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> management/security-realm/authentication/users has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> *There must be a way to update an existing management/security-realm/authentication/users to change "value" to credential-reference and vice versa.*
> *Scenario*
> Prerequisites
> {code:collapse}
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
> {code}
> Add new user with password
> {code}
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
> {"outcome" => "success"}
> {code}
> Change password to credential-reference
> {code}
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0172: password is required",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
> "rolled-back" => true
> }
> {code}
> *read-resource-description*
> {code:collapse}
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
> "deprecated" => {
> "since" => "1.7.0",
> "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
> },
> "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
> "attributes" => {},
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {"user" => {
> "description" => "An authorized user.",
> "model-description" => undefined
> }}
> }
> }
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true
> {
> "outcome" => "success",
> "result" => {
> "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
> "deprecated" => {
> "since" => "1.7.0",
> "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
> },
> "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
> "attributes" => {},
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {"user" => {
> "description" => "An authorized user.",
> "model-description" => {"*" => {
> "description" => "An authorized user.",
> "deprecated" => {
> "since" => "1.7.0",
> "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
> },
> "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
> "attributes" => {
> "credential-reference" => {
> "type" => OBJECT,
> "description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["value"],
> "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
> "value-type" => {
> "store" => {
> "type" => STRING,
> "description" => "The name of the credential store holding the alias to credential.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["clear-text"],
> "requires" => ["alias"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "alias" => {
> "type" => STRING,
> "description" => "The alias which denotes stored secret or credential in the store.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "requires" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "type" => {
> "type" => STRING,
> "description" => "The type of credential this reference is denoting.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "clear-text" => {
> "type" => STRING,
> "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "password" => {
> "type" => STRING,
> "description" => "The user's password.",
> "expressions-allowed" => true,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["credential-reference"],
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }}
> }}
> }
> }
> {code}
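A simplified model of the dead end reported in WFCORE-2906 and WFCORE-2904, added here as an illustration and not WildFly code. The attribute metadata is transcribed from the quoted resource descriptions; the validation rules and the names `validate`, `apply_ops`, `try_ops` and `dangling_alternatives` are assumptions. It shows every single-attribute step failing although the swapped end state is valid, and flags the `alternatives` entry on the user resource that names an attribute the resource does not have.

```python
"""Toy model of 'required' + 'alternatives' attribute validation.

Added illustration; not WildFly code. The validation rules are assumptions
chosen to mirror the failure-descriptions quoted in the reports above.
"""

# Metadata transcribed from the quoted read-resource-description output
# (only the fields this model needs).
SECRET_ATTRS = {  # server-identity=secret
    "credential-reference": {"required": False, "alternatives": ["value"]},
    "value": {"required": True, "alternatives": ["credential-reference"]},
}
USER_ATTRS = {  # authentication=users/user=*
    "credential-reference": {"required": False, "alternatives": ["value"]},
    "password": {"required": True, "alternatives": ["credential-reference"]},
}


class ValidationError(Exception):
    """Raised when a resource model violates the attribute constraints."""


def validate(attrs, model):
    """Assumed rules: an attribute may not be defined together with one of
    its alternatives, and a required attribute must be defined unless one of
    its alternatives is."""
    def defined(name):
        return model.get(name) is not None

    for name, meta in attrs.items():
        alts = meta["alternatives"]
        if defined(name):
            for alt in alts:
                if defined(alt):
                    raise ValidationError(
                        f"{name} is invalid in combination with {alt}")
        elif meta["required"] and not any(defined(a) for a in alts):
            raise ValidationError(f"{name} is required")


def apply_ops(attrs, model, ops, atomic):
    """Apply (name, value) writes; a value of None means undefine.

    atomic=False validates after every write, like separate CLI operations.
    atomic=True validates once after all writes (hypothetical deferred check).
    Returns the new model; on failure it raises and the input model is left
    untouched, which stands in for the rollback.
    """
    new = dict(model)
    for name, value in ops:
        new[name] = value
        if not atomic:
            validate(attrs, new)
    validate(attrs, new)
    return new


def try_ops(attrs, model, ops, atomic=False):
    """Return 'success' or the failure text, like a CLI outcome."""
    try:
        apply_ops(attrs, model, ops, atomic)
        return "success"
    except ValidationError as exc:
        return str(exc)


def dangling_alternatives(attrs):
    """List (attribute, alternative) pairs that name an attribute the
    resource does not declare."""
    return [(name, alt)
            for name, meta in attrs.items()
            for alt in meta["alternatives"]
            if alt not in attrs]


if __name__ == "__main__":
    secret = {"value": "c2VjcmV0"}    # constructed sample value
    cred = {"clear-text": "example"}  # constructed sample value
    swap = [("value", None), ("credential-reference", cred)]
    print(try_ops(SECRET_ATTRS, secret, [("value", None)]))
    print(try_ops(SECRET_ATTRS, secret, [("credential-reference", cred)]))
    print(try_ops(SECRET_ATTRS, secret, swap, atomic=True))
    print(dangling_alternatives(USER_ATTRS))
```
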
[JBoss JIRA] (WFLY-8878) management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFLY-8878?page=com.atlassian.jira.plugin.... ]
Hynek Švábek updated WFLY-8878:
-------------------------------
Description:
management/security-realm/authentication/users has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way to update an existing management/security-realm/authentication/users to change "value" to credential-reference and vice versa.*
*Scenario*
Prerequisites
{code:collapse}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
{code}
Add new user with password
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
{"outcome" => "success"}
{code}
Change password to credential-reference
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0172: password is required",
"rolled-back" => true
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
"rolled-back" => true
}
{code}
*read-resource-description*
{code:collapse}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {"user" => {
"description" => "An authorized user.",
"model-description" => undefined
}}
}
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true
{
"outcome" => "success",
"result" => {
"description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {"user" => {
"description" => "An authorized user.",
"model-description" => {"*" => {
"description" => "An authorized user.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["value"],
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"password" => {
"type" => STRING,
"description" => "The user's password.",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["credential-reference"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}
}
{code}
was:
management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way how to update existing management/security-realm/authentication/users for change "value" to credential-reference and vice versa.*
*Scenario*
Prerequisites
{code:collapse}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
{code}
Add new user with password
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
{"outcome" => "success"}
{code}
Change password to credential-reference
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0172: password is required",
"rolled-back" => true
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
"rolled-back" => true
}
{code}
*read-resource-description*
{code:collapse}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {"user" => {
"description" => "An authorized user.",
"model-description" => undefined
}}
}
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true
{
"outcome" => "success",
"result" => {
"description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {"user" => {
"description" => "An authorized user.",
"model-description" => {"*" => {
"description" => "An authorized user.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["value"],
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"password" => {
"type" => STRING,
"description" => "The user's password.",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["credential-reference"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}
}
{code}
> management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8878
> URL: https://issues.jboss.org/browse/WFLY-8878
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }}
> }}
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFLY-8876) Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFLY-8876?page=com.atlassian.jira.plugin.... ]
Hynek Švábek updated WFLY-8876:
-------------------------------
Description:
Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
*User is not able to do something like that:*
{code}
/core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=credential-reference, value={clear-text=pass123})
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0105: credential-reference is invalid in combination with value",
"rolled-back" => true
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/server-identity=secret:undefine-attribute(name=value)
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0172: value is required",
"rolled-back" => true
}
{code}
*resource-description*
{code:collapse}
[domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "Configuration of the secret/password-based identity of a server or host controller.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["value"],
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"value" => {
"type" => STRING,
"description" => "The secret / password - Base64 Encoded.",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["credential-reference"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}
{code}
was:
Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
*User is not able to do something like that:*
{code}
/core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=credential-reference, value={clear-text=pass123})
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0105: credential-reference is invalid in combination with value",
"rolled-back" => true
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/server-identity=secret:undefine-attribute(name=value)
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0172: value is required",
"rolled-back" => true
}
{code}
*resource-description*
{code:collapse}
[domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "Configuration of the secret/password-based identity of a server or host controller.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["value"],
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"value" => {
"type" => STRING,
"description" => "The secret / password - Base64 Encoded.",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["credential-reference"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}
}
{code}
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8876
> URL: https://issues.jboss.org/browse/WFLY-8876
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> *There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
> *User is not able to do something like that:*
> {code}
> /core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=credential-reference, value={clear-text=pass123})
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0105: credential-reference is invalid in combination with value",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/server-identity=secret:undefine-attribute(name=value)
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0172: value is required",
> "rolled-back" => true
> }
> {code}
> *resource-description*
> {code:collapse}
> [domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "Configuration of the secret/password-based identity of a server or host controller.",
> "deprecated" => {
> "since" => "1.7.0",
> "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
> },
> "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
> "attributes" => {
> "credential-reference" => {
> "type" => OBJECT,
> "description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["value"],
> "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
> "value-type" => {
> "store" => {
> "type" => STRING,
> "description" => "The name of the credential store holding the alias to credential.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["clear-text"],
> "requires" => ["alias"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "alias" => {
> "type" => STRING,
> "description" => "The alias which denotes stored secret or credential in the store.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "requires" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "type" => {
> "type" => STRING,
> "description" => "The type of credential this reference is denoting.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "clear-text" => {
> "type" => STRING,
> "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "value" => {
> "type" => STRING,
> "description" => "The secret / password - Base64 Encoded.",
> "expressions-allowed" => true,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["credential-reference"],
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFLY-8876) Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/WFLY-8876?page=com.atlassian.jira.plugin.... ]
Hynek Švábek updated WFLY-8876:
-------------------------------
Summary: Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option. (was: Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.)
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-8876
> URL: https://issues.jboss.org/browse/WFLY-8876
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> *There must be a way to update an existing server-identity/secret to change "value" to credential-reference and vice versa.*
> *User is not able to do something like that:*
> {code}
> /core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=credential-reference, value={clear-text=pass123})
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0105: credential-reference is invalid in combination with value",
> "rolled-back" => true
> }
> [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/server-identity=secret:undefine-attribute(name=value)
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0172: value is required",
> "rolled-back" => true
> }
> {code}
> *resource-description*
> {code:collapse}
> [domain@localhost:9990 /] /host=master/core-service=management/security-realm=ManagementRealm/server-identity=secret:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "Configuration of the secret/password-based identity of a server or host controller.",
> "deprecated" => {
> "since" => "1.7.0",
> "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
> },
> "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
> "attributes" => {
> "credential-reference" => {
> "type" => OBJECT,
> "description" => "The reference to credential for the secret / password stored in CredentialStore under defined alias or clear text password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["value"],
> "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
> "value-type" => {
> "store" => {
> "type" => STRING,
> "description" => "The name of the credential store holding the alias to credential.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["clear-text"],
> "requires" => ["alias"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "alias" => {
> "type" => STRING,
> "description" => "The alias which denotes stored secret or credential in the store.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "requires" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "type" => {
> "type" => STRING,
> "description" => "The type of credential this reference is denoting.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "clear-text" => {
> "type" => STRING,
> "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "alternatives" => ["store"],
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> },
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> },
> "value" => {
> "type" => STRING,
> "description" => "The secret / password - Base64 Encoded.",
> "expressions-allowed" => true,
> "required" => true,
> "nillable" => true,
> "alternatives" => ["credential-reference"],
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "no-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {}
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months
[JBoss JIRA] (WFLY-8878) management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
by Hynek Švábek (JIRA)
Hynek Švábek created WFLY-8878:
----------------------------------
Summary: management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
Key: WFLY-8878
URL: https://issues.jboss.org/browse/WFLY-8878
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
Priority: Blocker
management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
*There must be a way to update an existing management/security-realm/authentication/users to change "value" to credential-reference and vice versa.*
*Scenario*
Prerequisites
{code:collapse}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
{code}
Add new user with password
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
{"outcome" => "success"}
{code}
Change password to credential-reference
{code}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0172: password is required",
"rolled-back" => true
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
"rolled-back" => true
}
{code}
*read-resource-description*
{code:collapse}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {"user" => {
"description" => "An authorized user.",
"model-description" => undefined
}}
}
}
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true)
{
"outcome" => "success",
"result" => {
"description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {},
"operations" => undefined,
"notifications" => undefined,
"children" => {"user" => {
"description" => "An authorized user.",
"model-description" => {"*" => {
"description" => "An authorized user.",
"deprecated" => {
"since" => "1.7.0",
"reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
},
"access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
"attributes" => {
"credential-reference" => {
"type" => OBJECT,
"description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["value"],
"access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
"value-type" => {
"store" => {
"type" => STRING,
"description" => "The name of the credential store holding the alias to credential.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"alternatives" => ["clear-text"],
"requires" => ["alias"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"alias" => {
"type" => STRING,
"description" => "The alias which denotes stored secret or credential in the store.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"requires" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
},
"type" => {
"type" => STRING,
"description" => "The type of credential this reference is denoting.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L
},
"clear-text" => {
"type" => STRING,
"description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"alternatives" => ["store"],
"min-length" => 1L,
"max-length" => 2147483647L
}
},
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
},
"password" => {
"type" => STRING,
"description" => "The user's password.",
"expressions-allowed" => true,
"required" => true,
"nillable" => true,
"alternatives" => ["credential-reference"],
"min-length" => 1L,
"max-length" => 2147483647L,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "no-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {}
}}
}}
}
}
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
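The deadlock reported in WFLY-8876 and WFLY-8878, modelled as an added example (not WildFly code and not part of the original messages). It assumes the resource is validated after every single operation; `validate`, `apply_operation` and the `requires` problem label are hypothetical names, and the metadata is copied from the read-resource-description output for server-identity=secret (for the users/user resource the required attribute is `password` instead of `value`).

```python
"""Model of the 'required' / 'alternatives' / 'requires' constraints shown in
the resource descriptions above. Illustration only, not WildFly's validator."""

# Constraint fields copied from the server-identity=secret description.
SECRET_DESCRIPTION = {
    "value": {"required": True, "alternatives": ["credential-reference"]},
    "credential-reference": {"required": False, "alternatives": ["value"]},
}

# Constraint fields copied from the credential-reference value-type.
CREDENTIAL_REFERENCE_TYPE = {
    "store": {"required": False, "alternatives": ["clear-text"], "requires": ["alias"]},
    "alias": {"required": False, "requires": ["store"]},
    "type": {"required": False},
    "clear-text": {"required": False, "alternatives": ["store"]},
}


def validate(description, state):
    """Return (code, attribute, other) problems for one resource state.

    WFLYCTL0105 / WFLYCTL0172 are the codes seen in the CLI output; "requires"
    is this model's own label for an unmet 'requires' constraint.
    """
    defined = {name for name, value in state.items() if value is not None}
    problems = []
    for name, meta in description.items():
        present_alts = [a for a in meta.get("alternatives", ()) if a in defined]
        if name in defined:
            # Defined together with one of its alternatives: mutually exclusive.
            problems += [("WFLYCTL0105", name, alt) for alt in present_alts]
            # Defined without an attribute it depends on.
            problems += [("requires", name, dep)
                         for dep in meta.get("requires", ()) if dep not in defined]
        elif meta.get("required") and not present_alts:
            # Required, undefined, and no alternative takes its place.
            problems.append(("WFLYCTL0172", name, None))
    return problems


def apply_operation(description, state, changes):
    """Apply attribute changes as ONE operation; keep the old state on failure."""
    candidate = dict(state)
    candidate.update(changes)
    problems = validate(description, candidate)
    if problems:
        return state, problems  # corresponds to "rolled-back" => true
    return candidate, []


def demo():
    # Constructed starting state: 'value' set (Base64 of "secret"), no reference.
    start = {"value": "c2VjcmV0", "credential-reference": None}
    reference = {"clear-text": "pass123"}

    # Step 1 alone: write credential-reference while 'value' is still defined.
    _, write_only = apply_operation(
        SECRET_DESCRIPTION, start, {"credential-reference": reference})
    # Step 2 alone: undefine 'value' while no alternative is defined yet.
    _, undefine_only = apply_operation(
        SECRET_DESCRIPTION, start, {"value": None})
    # Both changes validated together: the target state itself is consistent.
    final_state, swap = apply_operation(
        SECRET_DESCRIPTION, start,
        {"value": None, "credential-reference": reference})
    return {"write_only": write_only, "undefine_only": undefine_only,
            "swap": swap, "final_state": final_state}


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, "->", result)
    # A store reference without its alias violates 'requires'.
    print(validate(CREDENTIAL_REFERENCE_TYPE, {"store": "cs1"}))
```

In this model each single-attribute step passes through a state the constraints reject, while the end state (only credential-reference defined) is valid, which is the gap both issues describe.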
8 years, 11 months
[JBoss JIRA] (WFCORE-2903) Elytron, case-sensistive=false attribute making problems for Kerberos
by Yeray Borges (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2903?page=com.atlassian.jira.plugi... ]
Yeray Borges moved JBEAP-11306 to WFCORE-2903:
----------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-2903 (was: JBEAP-11306)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
Affects Version/s: (was: 7.1.0.DR16)
> Elytron, case-sensistive=false attribute making problems for Kerberos
> ---------------------------------------------------------------------
>
> Key: WFCORE-2903
> URL: https://issues.jboss.org/browse/WFCORE-2903
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Priority: Critical
>
> {{case-sensitive}} attribute with default value to false introduced in DR16 is making problem using kerberos authentication.
> {code}
> WFLYELY00918: Invalid user name 'jduke(a)JBOSS.ORG' because the realm fileSystemRealm only supports lower case alias names
> {code}
> It is common to have uppercase realm name in kerberos authentication. User can workaround issue, but it is really unexpected to not work out of box.
> * case-sensitive = true
> * use principal-transformer 'jduke(a)JBOSS.ORG' -> 'jduke'
> {code}
> "case-sensitive" => {
> "type" => BOOLEAN,
> "description" => "Case sensitivity of the properties realm. If case insensitive only lower usernames are allowed.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => false,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
8 years, 11 months