[JBoss JIRA] (WFLY-7986) Add some exclusions to the 'org.wildfly.extension.elytron' module.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-7986?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-7986.
------------------------------------
Resolution: Out of Date
> Add some exclusions to the 'org.wildfly.extension.elytron' module.
> ------------------------------------------------------------------
>
> Key: WFLY-7986
> URL: https://issues.jboss.org/browse/WFLY-7986
> Project: WildFly
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Critical
> Fix For: 11.0.0.Beta1
>
>
> Likely to be something like: -
> bq. <exports>
> bq. <exclude path="org/wildfly/extension/elytron/ElytronExtension"/>
> bq. <exclude path="org/wildfly/extension/elytron/_private"/>
> bq. <exclude path="org/wildfly/extension/elytron/capabilities"/>
> bq. </exports>
> Although capabilities also needs to be double checked, this may be moved and hidden using standard Java visibility modifiers.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years
[JBoss JIRA] (WFLY-8245) AuthenticationContext should not be loaded from wildfly-config.xml automatically in deployment
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-8245?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-8245.
------------------------------------
Resolution: Rejected
> AuthenticationContext should not be loaded from wildfly-config.xml automatically in deployment
> ----------------------------------------------------------------------------------------------
>
> Key: WFLY-8245
> URL: https://issues.jboss.org/browse/WFLY-8245
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Critical
>
> In case when wildfly-config.xml is located in deployment and application server does not have configured default-authentication-context for Elytron subsystem, then AuthenticationContext is automatically parsed from wildfly-config.xml.
> In case when default-authentication-context for Elytron subsystem is configured, then AuthenticationContext is correctly loaded from application server.
> If this is intended then it should be reflect in documentation - it currently says that "... they can make use of a configuration file using the _parseAuthenticationClientConfiguration(URI)_ method ...", but in current implementation it is parsed automatically.
> [~dlofthouse] Could you please clarify whether this is intended change or it is an issue?
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years
[JBoss JIRA] (WFLY-8300) standalone-picketlink.xml boots with lots of errors
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-8300?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-8300:
--------------------------------------
Assignee: (was: Darran Lofthouse)
> standalone-picketlink.xml boots with lots of errors
> ---------------------------------------------------
>
> Key: WFLY-8300
> URL: https://issues.jboss.org/browse/WFLY-8300
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Tomaz Cerar
>
> If you try to run standalone-picketlink.xml server configuration, it's boot fails with lots of problems. They look related to elytron changes, but I am not sure.
> {noformat}
> 15:27:36,476 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "picketlink-identity-management"),
> ("partition-manager" => "jpa.emf.modules.partition.manager")
> ]) - failure description: {
> "WFLYCTL0080: Failed services" => {"jboss.picketlink-identity-management.\"jpa.emf.modules.partition.manager\".\"jpa.config\".jpa-store" => "org.jboss.msc.service.StartException in service jb
> oss.picketlink-identity-management.\"jpa.emf.modules.partition.manager\".\"jpa.config\".jpa-store: Failed to start service
> Caused by: org.picketlink.idm.config.SecurityConfigurationException: WFLYPL0050: Entities module not found [my.module]."},
> "WFLYCTL0412: Required services that are not installed:" => ["jboss.picketlink-identity-management.\"jpa.emf.modules.partition.manager\".\"jpa.config\".jpa-store"]
> }
> 15:27:36,477 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "undertow"),
> ("server" => "default-server"),
> ("host" => "default-host"),
> ("setting" => "http-invoker")
> ]) - failure description: {
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.http-authentication-factory.application-http-authentication"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.undertow.server.default-server.default-host.http-invoker is missing [org.wildfly.security.http-authentication-factory.
> application-http-authentication]"]
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years
[JBoss JIRA] (WFLY-8301) Picketlink trust domain config needs to be in attribute and not path
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-8301?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse reassigned WFLY-8301:
--------------------------------------
Assignee: (was: Darran Lofthouse)
> Picketlink trust domain config needs to be in attribute and not path
> --------------------------------------------------------------------
>
> Key: WFLY-8301
> URL: https://issues.jboss.org/browse/WFLY-8301
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Tomaz Cerar
>
> Currently trustdomain for PL federation is configured by adding new sub resource under idenity-provider
> Problem is that name of the trust domain resource you add is an url.
> In case that URL is ipv6 one in square brackets [::1] this makes it a invalid path.
> Currently testsuite relies on this to work, and by some miracle it works when configured via XML, but trying to do so with CLI fails as [] are forbidden chars in path (resource name)
> example of CLI command
> {{/subsystem=picketlink-federation/federation=federation-simple-redirect-binding/identity-provider=idp-redirect.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-redirect-with-signatures/identity-provider=idp-redirect-sig.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-simple-post-binding/identity-provider=idp-post.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-post-with-signatures/identity-provider=idp-post-sig.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-with-metadata/identity-provider=idp-metadata.war/trust-domain=${public.ip}:add}}
> where ${public.ip} can be 127.0.01 or [::1]
> I think given that TrustDomainResourceDefinition has no attributes beyond own name.
> it could be converted to a List<String> on parent resource.
> or name should be used only for id, with additional attribute that would represent domain.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years