[JBoss JIRA] (WFCORE-4227) Add the ability for the CLI SSL security commands to be able to obtain a server certificate from Let's Encrypt
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFCORE-4227?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-4227:
--------------------------------
Fix Version/s: 10.0.0.Beta4
(was: 10.0.0.Beta3)
> Add the ability for the CLI SSL security commands to be able to obtain a server certificate from Let's Encrypt
> --------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-4227
> URL: https://issues.jboss.org/browse/WFCORE-4227
> Project: WildFly Core
> Issue Type: Feature Request
> Reporter: Marek Marusic
> Assignee: Marek Marusic
> Priority: Major
> Fix For: 10.0.0.Beta4
>
>
> WFCORE-3447 introduced high-level security commands (ssl enable-ssl-management and ssl enable-ssl-http-server) for enabling one-way and two-way SSL easily. To generate the server certificate, these high-level security commands made use of key-store management operations to generate a self-signed certificate. Since it is now possible to obtain certificates from the Let's Encrypt certificate authority using the CLI, the high-level security commands should be updated so that in addition to being able to generate a self-signed server certificate, they can also obtain a server certificate from Let's Encrypt. Details on the new management operations for obtaining and managing certificates from Let's Encrypt can be found in the analysis document and in this blog post.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
[JBoss JIRA] (WFCORE-4447) Elytron: Ability to load the attributes of an identity from multiple sources
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFCORE-4447?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-4447:
--------------------------------
Fix Version/s: 10.0.0.Beta4
(was: 10.0.0.Beta3)
> Elytron: Ability to load the attributes of an identity from multiple sources
> ----------------------------------------------------------------------------
>
> Key: WFCORE-4447
> URL: https://issues.jboss.org/browse/WFCORE-4447
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Major
> Fix For: 10.0.0.Beta4
>
>
> In previous versions a {{security-domain}} was used to merge or add roles from multiple repositories. For example, the roles for the users were obtained from two different LDAPs and a database. All the roles were merged and the final authenticated principal belonged to all of them. The old picketbox subsystem used stacking of login modules (and password) to implement this feature. This use-case is not rare among the customers.
> This issue is preventing migrations from the old security subsystem to Elytron.
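A toy model of the merge described in WFCORE-4447, added here as an illustration; it is not WildFly or Elytron code. The three in-memory "sources" stand in for the two LDAP directories and the database the reporter mentions, and the user names, attribute keys and roles are constructed sample data.

```python
"""Toy model of loading one identity's attributes from several sources.

Added illustration (not WildFly/Elytron code): one principal is authenticated
against the first source, and its roles are then collected from every source
that knows the principal and merged into a single set for authorization.
All identity sources below are constructed in-memory sample data.
"""
from typing import Dict, List, Mapping, Optional, Sequence

# Each source maps a principal name to its (multi-valued) attributes.
# Constructed sample data standing in for two LDAP servers and a database.
LDAP_CORP: Dict[str, Dict[str, List[str]]] = {
    "alice": {"Roles": ["employee", "developer"], "mail": ["alice@example.test"]},
    "bob":   {"Roles": ["employee"]},
}
LDAP_PARTNER: Dict[str, Dict[str, List[str]]] = {
    "alice": {"Roles": ["partner-portal"]},
}
APP_DB: Dict[str, Dict[str, List[str]]] = {
    "alice": {"Roles": ["developer", "admin"], "department": ["platform"]},
    "carol": {"Roles": ["auditor"]},
}

Source = Mapping[str, Mapping[str, Sequence[str]]]


def load_attributes(principal: str,
                    sources: Sequence[Source],
                    require_authentication_source: bool = True
                    ) -> Optional[Dict[str, List[str]]]:
    """Merge the attributes of `principal` across `sources`.

    - The first source is the one that authenticated the user; if it does not
      know the principal, the identity does not exist (returns None) when
      `require_authentication_source` is set.
    - Other sources that do not know the principal are skipped, not treated
      as an error.
    - Multi-valued attributes are unioned, preserving first-seen order and
      dropping duplicates, so a role granted by two repositories appears once.
    """
    if not sources:
        raise ValueError("at least one identity source is required")
    if require_authentication_source and principal not in sources[0]:
        return None

    merged: Dict[str, List[str]] = {}
    for source in sources:
        attrs = source.get(principal)
        if attrs is None:
            continue
        for key, values in attrs.items():
            bucket = merged.setdefault(key, [])
            for value in values:
                if value not in bucket:
                    bucket.append(value)
    return merged


def roles_of(principal: str, sources: Sequence[Source]) -> List[str]:
    """The merged 'Roles' attribute, or [] for an unknown identity."""
    attrs = load_attributes(principal, sources)
    return [] if attrs is None else attrs.get("Roles", [])


if __name__ == "__main__":
    all_sources = [LDAP_CORP, LDAP_PARTNER, APP_DB]
    for user in ("alice", "bob", "carol"):
        print(user, roles_of(user, all_sources))
```

Because the merge is a plain union, every repository in the list is trusted to grant roles: a role written into any one of them ends up on the authenticated principal. That is the property to keep in mind when deciding which stores may be listed as attribute sources.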
[JBoss JIRA] (WFCORE-4407) Cannot configure Elytron security domain using embedded server in admin mode
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFCORE-4407?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-4407:
--------------------------------
Fix Version/s: 10.0.0.Beta4
(was: 10.0.0.Beta3)
> Cannot configure Elytron security domain using embedded server in admin mode
> ----------------------------------------------------------------------------
>
> Key: WFCORE-4407
> URL: https://issues.jboss.org/browse/WFCORE-4407
> Project: WildFly Core
> Issue Type: Bug
> Components: Embedded
> Environment:
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Priority: Major
> Fix For: 10.0.0.Beta4
>
>
> There are some configurations that are impossible to do using the embedded server, for example, we cannot create a security domain in Elytron that references a security domain in the security subsystem:
> {noformat}
> embed-server --server-config=standalone-full-ha.xml --std-out=echo
> /subsystem=security/security-domain=my-sec-domain:add(cache-type=default)
> /subsystem=security/security-domain=my-sec-domain/authentication=classic:add(login-modules=[{code=RealmUsersRoles, flag=required, module=RealmUsersRoles, module-options=[("usersProperties"=>"usersProperties"),("rolesProperties"=>"rolesProperties")]}])
> /subsystem=security/elytron-realm=my-sec-domain:add(legacy-jaas-config=my-sec-domain)
> /subsystem=elytron/security-domain=my-sec-domain:add(realms=[{realm=my-sec-domain}],default-realm=my-sec-domain,permission-mapper=default-permission-mapper)
> stop-embedded-server
> {noformat}
> The execution of these operations in an embedded server running in admin-mode throws the following error:
> {noformat}
> [standalone@embedded /] /subsystem=elytron/security-domain=my-sec-domain:add(realms=[{realm=my-sec-domain}],default-realm=my-sec-domain,permission-mapper=default-permission-mapper)
> 12:30:53,429 ERROR [org.jboss.as.controller.management-operation] (pool-3-thread-1) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("security-domain" => "my-sec-domain")
> ]) - failure description: {
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.my-sec-domain"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.my-sec-domain.initial is missing [org.wildfly.security.security-realm.my-sec-domain]"]
> }
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.my-sec-domain"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.my-sec-domain.initial is missing [org.wildfly.security.security-realm.my-sec-domain]"]
> },
> "rolled-back" => true
> }
> {noformat}
> The problem here is that Elytron security domain services cannot be up because they require the legacy installed realm services, which are not up when we are using embedded in admin-only mode.
> The SecurityDomain advertises no runtime operation. If no services are installed that would ever depend on the security domain, we may be able to skip installing some of these services entirely and allow their configuration in embedded / admin-only.
[JBoss JIRA] (WFCORE-4540) Add error message with information that is not allowed to read secret-value and entry-type from Credential Store
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFCORE-4540?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-4540:
--------------------------------
Fix Version/s: 10.0.0.Beta4
(was: 10.0.0.Beta3)
> Add error message with information that is not allowed to read secret-value and entry-type from Credential Store
> ----------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-4540
> URL: https://issues.jboss.org/browse/WFCORE-4540
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Minor
> Fix For: 10.0.0.Beta4
>
>
> Add an error message with information that it is not allowed to read secret-value and entry-type from the Credential Store over CLI.
> These CLI commands
> {code}
> /subsystem=elytron/credential-store=testCS/alias=someAlias:read-attribute(name=secret-value)
> /subsystem=elytron/credential-store=testCS/alias=someAlias:read-attribute(name=entry-type)
> {code}
> end with a success result.
> {code}
> {
> "outcome" => "success",
> "result" => undefined
> }
> {code}