Brian Stansberry updated WFCORE-2016:
-------------------------------------
Fix Version/s: 3.0.0.Beta8
(was: 3.0.0.Beta7)
Change sasl-authentication-factor for management auth works after reload, but not after server restart
------------------------------------------------------------------------------------------------------
Key: WFCORE-2016
URL: https://issues.jboss.org/browse/WFCORE-2016
Project: WildFly Core
Issue Type: Bug
Components: Domain Management, Security
Reporter: Zach Rhoads
Assignee: Darran Lofthouse
Fix For: 3.0.0.Beta8
I can successfully configure a new sasl-authentication-factory and assign it to the
management interface:
{code}
/subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir)
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add()
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"})
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add-attribute(name=Roles, value=["Admin","Guest"])
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
/subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm,role-decoder=from-roles-attribute}],default-realm=exampleFsRealm,permission-mapper=login-permission-mapper)
/subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleSaslRealm}]}])
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth)
reload
{code}
After reload, I am forced to re-authenticate and it succeeds:
{code}
[standalone@localhost:9990 /] reload
Authenticating against security realm: exampleSaslRealm
Username: user1
Password:
[standalone@localhost:9990 /]
{code}
Once I restart the server, though, and try to connect, I get a timeout:
{code}
$ ./jboss-cli.sh -c
Failed to connect to the controller: The controller is not available at localhost:9990:
java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990.
The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990.
The connection timed out
{code}
It also fails if I force no local auth:
{code}
$ ./jboss-cli.sh -c --no-local-auth
Failed to connect to the controller: The controller is not available at localhost:9990:
java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990.
The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990.
The connection timed out
{code}