[JBoss JIRA] (ELYWEB-8) constraint drive authentication method in undertow doesn't work with elytron
by Bartosz Spyrko-Śmietanko (JIRA)
[ https://issues.jboss.org/browse/ELYWEB-8?page=com.atlassian.jira.plugin.s... ]
Bartosz Spyrko-Śmietanko updated ELYWEB-8:
------------------------------------------
Affects Version/s: 1.2.0.Final
1.1.0.Final
> constraint drive authentication method in undertow doesn't work with elytron
> ----------------------------------------------------------------------------
>
> Key: ELYWEB-8
> URL: https://issues.jboss.org/browse/ELYWEB-8
> Project: Elytron Web
> Issue Type: Bug
> Affects Versions: 1.1.0.Final, 1.2.0.Final
> Reporter: Darran Lofthouse
> Assignee: Bartosz Spyrko-Śmietanko
> Priority: Critical
>
> When elytron is enabled constraint driven authentication method (i.e. proactive-authentication=false) has no effect.
> If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint drive authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron it gives a 401 in both cases.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (ELY-1625) Fix ECPublicKey import in testsuite
by Farah Juma (JIRA)
Farah Juma created ELY-1625:
-------------------------------
Summary: Fix ECPublicKey import in testsuite
Key: ELY-1625
URL: https://issues.jboss.org/browse/ELY-1625
Project: WildFly Elytron
Issue Type: Task
Components: Testsuite
Reporter: Farah Juma
Assignee: Farah Juma
Ensure the testsuite uses {{java.security.interfaces.ECPublicKey}} instead of {{sun.security.ec.ECPublicKeyImpl}} to make sure compilation succeeds on IBM JDK.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFWIP-90) [Artemis 2.x upgrade] Undelivered messages in remote jca topology after restart
by Clebert Suconic (JIRA)
[ https://issues.jboss.org/browse/WFWIP-90?page=com.atlassian.jira.plugin.s... ]
Clebert Suconic commented on WFWIP-90:
--------------------------------------
I am pretty sure this is not a regression...
I"m dealing with similar issues with HornetQ.
I've been working on this but this is not an upgrade issue.
> [Artemis 2.x upgrade] Undelivered messages in remote jca topology after restart
> -------------------------------------------------------------------------------
>
> Key: WFWIP-90
> URL: https://issues.jboss.org/browse/WFWIP-90
> Project: WildFly WIP
> Issue Type: Bug
> Components: Artemis
> Reporter: Miroslav Novak
> Assignee: Martyn Taylor
> Priority: Blocker
>
> There are undelivered messages in scenario with where servers in remote JCA topology are restarted. There are undelivered message after test.
> Test scenario:
> * Start 2 server in Artemis cluster
> * Start 2 servers with MDB connected to Artemis cluster
> ** MDB resends messages from InQueue to OutQueue from/to remote cluster
> * Send messages to InQueue
> * Restart all server (one by one)
> * Consumes messages from OutQueue
> Results:
> After the test there are missing messages in OutQueue.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFLY-10803) WildFly Single Sign On Documentation
by Darran Lofthouse (JIRA)
Darran Lofthouse created WFLY-10803:
---------------------------------------
Summary: WildFly Single Sign On Documentation
Key: WFLY-10803
URL: https://issues.jboss.org/browse/WFLY-10803
Project: WildFly
Issue Type: Task
Components: Documentation, Security
Environment: *
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Presently there are a lot of options for single sign on that can be used with the application server, it could be useful to pull all of these into a single document.
* WildFly Clustering SSO
* Kerberos
* SAML
* KeyCloak
* OpenID Connect
For anyone tasked with implementing "SSO" this should give enough information to select between the available options.
>From that point we should document how to implement each of these options possibly with further sub options identified.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFCORE-3677) get-provider-points return /profile addresses for host level resources
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3677?page=com.atlassian.jira.plugi... ]
Brian Stansberry commented on WFCORE-3677:
------------------------------------------
Why is suggest-capabilities not sufficient? Why expend energy adding filtering to get-provider-points when suggest-capabilities was designed for the use case of determining the concrete capabilities that satisfy a requirement?
> get-provider-points return /profile addresses for host level resources
> ----------------------------------------------------------------------
>
> Key: WFCORE-3677
> URL: https://issues.jboss.org/browse/WFCORE-3677
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Management
> Reporter: Claudio Miranda
> Assignee: Jeff Mesnil
> Priority: Minor
>
> key-manager resource at /host=master/subsystem=elytron/key-manager=*
> contains the "key-store" attribute, which has a "capability-reference" => "org.wildfly.security.key-store"
> get-provider-points returns /profile addresses that should not be a valid reference for a host level resource
> {code}
> /host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")
> {
> "outcome" => "success",
> "result" => [
> "/host=master/subsystem=elytron/key-store=*",
> "/host=master/subsystem=elytron/ldap-key-store=*",
> "/host=master/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=elytron/key-store=*",
> "/profile=*/subsystem=elytron/ldap-key-store=*",
> "/profile=*/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=security/elytron-key-store=*",
> "/profile=*/subsystem=security/elytron-trust-store=*"
> ]
> }
> {code}
> A test case
> {code}
> /profile=full/subsystem=elytron/key-store=ks_full:add(credential-reference={clear-text=senha},type=JKS)
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=ks_full,credential-reference={clear-text=senha})
> {
> "outcome" => "failed",
> "result" => {},
> "failure-description" => {"host-failure-descriptions" => {"master" => "WFLYCTL0369: Required capabilities are not available:
> org.wildfly.security.key-store.ks_full in context 'host'; Possible registration points for this capability:
> /host=master/subsystem=elytron/key-store=*
> /host=master/subsystem=elytron/ldap-key-store=*
> /host=master/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=elytron/key-store=*
> /profile=*/subsystem=elytron/ldap-key-store=*
> /profile=*/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=security/elytron-key-store=*
> /profile=*/subsystem=security/elytron-trust-store=*"}},
> "rolled-back" => true
> }
> {code}
> The returned addresses in the error message should contains only valid addresses.
> side note: CLI code completion works correctly in not showing resources from /profile addresses.
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=<tab>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months
[JBoss JIRA] (WFWIP-81) MP Health reports UP when there is port collision for port 8080
by Jeff Mesnil (JIRA)
[ https://issues.jboss.org/browse/WFWIP-81?page=com.atlassian.jira.plugin.s... ]
Jeff Mesnil commented on WFWIP-81:
----------------------------------
For first iteration, I would suggest we only deal with deployment probes. So, yes the MP Health will (falsely) report UP when the server is not booting.
That's acceptable as our OpenShift probe has another way to check server status boot.
However this is an enhancement that can be made in a future iteration by adding a server probe that will report DOWN according to the server status.
> MP Health reports UP when there is port collision for port 8080
> ---------------------------------------------------------------
>
> Key: WFWIP-81
> URL: https://issues.jboss.org/browse/WFWIP-81
> Project: WildFly WIP
> Issue Type: Bug
> Components: MP Health
> Reporter: Rostislav Svoboda
> Assignee: Jeff Mesnil
> Priority: Critical
>
> MP Health reports UP when there is port collision for port 8080.
> I have simple python app to acquire port 8080 and once it runs I start WF server
> {code}
> import SimpleHTTPServer
> import SocketServer
> PORT = 8080
> Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
> httpd = SocketServer.TCPServer(("127.0.0.1", PORT), Handler)
> print "serving at port", PORT
> httpd.serve_forever()
> {code}
> WF reports Address already in use /127.0.0.1:8080, deployments are not deployed.
> Accessing http://localhost:9990/health/ reports "outcome":"UP"
> I think this is wrong and DOWN should be reported.
> Spec is misleading because it says {{A producer without health check procedures installed MUST returns positive overall outcome (i.e. HTTP 200)}} but it silently assumes server started correctly.
> I believe authors of the spec expected that if there is some trouble like port collision the server doesn't start, WildFly is a bit further as it allows to boot even if some services are not started properly.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
7 years, 11 months