[JBoss JIRA] (WFCORE-5088) User is able to specify credential-reference with only store name
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-5088?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-5088:
--------------------------------
Fix Version/s: (was: 13.0.0.Final)
> User is able to specify credential-reference with only store name
> -----------------------------------------------------------------
>
> Key: WFCORE-5088
> URL: https://issues.redhat.com/browse/WFCORE-5088
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Stourac
> Assignee: Farah Juma
> Priority: Major
> Fix For: 13.0.0.Beta5
>
>
> It is possible to create a {{credential-reference}} to the credential store with just the name of the credential store in question, without specifying {{alias}} (or {{clear-text}} in the case of automatic addition of a new record into the credential store, see doc [16.4.2. Automatic Updates of Credential Stores|https://docs.wildfly.org/20/WildFly_Elytron_Security.html#referenc...]). The actual configuration error is revealed when the server is reloaded, with the following error message in the server log (note that I can see this error in the case of the 'key-store' example but not in the case of the 'imap' example - see Reproduction steps for this issue):
> {code}
> 22:03:26,791 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
> ("subsystem" => "elytron"),
> ("key-store" => "exampleKS")
> ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.exampleKS" => "WFLYELY00004: Unable to start the service.
> Caused by: java.io.IOException: WFLYELY00910: Password cannot be resolved for key-store '/tmp/cred/wildfly-20.0.1.Final/standalone/configuration/example.keystore'"}}
> {code}
> This misconfiguration is not possible in {{WildFly 19.1.0.Final}}, as you are requested to specify the {{alias}} attribute too.
> I suspect that the change in behavior has been introduced thanks to this new feature https://issues.redhat.com/browse/WFLY-12218 (see the doc referenced above).
> Correct behavior is to require credential store name and:
> # 'alias'
> # or 'alias' and 'clear-text'
> # or 'clear-text' (alias will be generated automatically in this case)
> as described in the referenced documentation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
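
A pre-deployment check for the misconfiguration reported in WFCORE-5088, added here as an example (not code from WildFly or from the issue): it scans a CLI script for `credential-reference` values that name a `store` but give neither `alias` nor `clear-text`. The sample script, the store name `exampleCS`, the key-store names and the function names are constructed for illustration.

```python
import re

# credential-reference={...}; CLI scripts may escape the brace as \{ and
# values may contain ${...} expressions, so allow those inside the body.
CRED_REF = re.compile(r"credential-reference\s*=\s*\\?\{((?:\$\{[^}]*\}|[^}])*)\}")

def parse_attrs(body):
    """Split 'k=v, k2=v2' into a dict (values containing commas are not handled)."""
    attrs = {}
    for part in body.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip()] = value.strip()
    return attrs

def check_line(line):
    """Return a finding for a store-only credential-reference, else None."""
    match = CRED_REF.search(line)
    if not match:
        return None
    attrs = parse_attrs(match.group(1))
    if attrs.get("store") and not (attrs.get("alias") or attrs.get("clear-text")):
        return "store '%s' given without alias or clear-text" % attrs["store"]
    return None

def lint(script):
    """Return (line_number, finding) pairs for every offending operation."""
    findings = []
    for number, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip CLI comments
        finding = check_line(line)
        if finding:
            findings.append((number, finding))
    return findings

# Constructed sample script; exampleCS and the key-store names are made up.
SAMPLE = r"""# constructed CLI script
/subsystem=elytron/key-store=exampleKS:add(path=example.keystore, type=JKS, credential-reference={store=exampleCS})
/subsystem=elytron/key-store=ks2:add(path=ks2.jks, type=JKS, credential-reference={store=exampleCS, alias=ks2})
/subsystem=elytron/key-store=ks3:add(path=ks3.jks, type=JKS, credential-reference={store=exampleCS, clear-text=${ks3.password}})
/subsystem=elytron/key-store=ks4:add(path=ks4.jks, type=JKS, credential-reference=\{clear-text=${ks4.password}})
"""

if __name__ == "__main__":
    for number, finding in lint(SAMPLE):
        print("line %d: %s" % (number, finding))
```

Only the store-only form from the report is flagged; a `clear-text`-only reference with no store is left alone.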
[JBoss JIRA] (WFCORE-5103) Adding non existent and not required keystore fails
by Jeff Mesnil (Jira)
[ https://issues.redhat.com/browse/WFCORE-5103?page=com.atlassian.jira.plug... ]
Jeff Mesnil updated WFCORE-5103:
--------------------------------
Fix Version/s: (was: 13.0.0.Final)
> Adding non existent and not required keystore fails
> ---------------------------------------------------
>
> Key: WFCORE-5103
> URL: https://issues.redhat.com/browse/WFCORE-5103
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jean Francois Denise
> Assignee: Martin Mazánek
> Priority: Major
> Fix For: 13.0.0.Beta6
>
>
> We are in a case where a CLI script is executed in an embedded server. The keystore added doesn't exist locally when the script is run. The operation is:
> /subsystem=elytron/key-store=keystore:add(required=false, path="/etc/foo/keystore.jks", credential-reference=\{clear-text=${keystore.password}})
> Error:
> "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.keystore" => "WFLYELY00004: Unable to start the service.
> [ERROR] Caused by: org.jboss.msc.service.StartException in anonymous service: WFLYELY00022: KeyStore file '/etc/wf-secrets/keystore.jks' does not exist and required."}},