[jboss-jira] [JBoss JIRA] (WFCORE-2136) Using management CLI with client configuration still prompts for username/password

Zach Rhoads (JIRA) issues at jboss.org
Tue Dec 20 16:54:00 EST 2016 

     [ https://issues.jboss.org/browse/WFCORE-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zach Rhoads updated WFCORE-2136:
--------------------------------
    Steps to Reproduce: 
configure management interface

{code}
/subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir)
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add()
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"})
/subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm}],default-realm=exampleFsRealm,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=example-fs-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}])
/subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleManagementRealm}]}])
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth)
reload
{code}

create custom-config.xml
{code:xml}
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="configuration1">
                <match-host name="localhost" />
            </rule>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="configuration1">
                <allow-sasl-mechanisms names="DIGEST-MD5" />
                 <use-service-loader-providers />
                 <set-user-name name="user1" />
                 <credentials>
                     <clear-password password="password123" />
                 </credentials>
                 <set-mechanism-realm name="exampleManagementRealm" />
             </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
{code}

attempt to connect using custom-config.xml
{code}
./jboss-cli.sh -c  -Dwildfly.config.url=/path/to/custom-config.xml --controller=localhost:9990
{code}

responds prompting for username
{code}
Authenticating against security realm: exampleManagementRealm
Username:
{code}

  was:
configure management interface

{code}
/subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir)
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add()
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"})
/subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm}],default-realm=exampleFsRealm,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=example-fs-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}])
/subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleManagementRealm}]}])
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth)
reload
{code}

create custom-config.xml
{code:xml}
<configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="configuration1">
                <match-host name="localhost" />
            </rule>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="configuration1">
                <allow-sasl-mechanisms names="DIGEST-MD5" />
                 <use-service-loader-providers />
                 <set-user-name name="user1" />
                 <credentials>
                     <clear-password password="password123" />
                 </credentials>
                 <set-mechanism-realm name="exampleManagementRealm" />
             </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>
{code}

attempt to connect using custom-config.xml
{code}
./jboss-cli.sh -c  -Dwildfly.config.url=/path/to/custom-config.xml --controller=localhost:9990
Authenticating against security realm: exampleManagementRealm
Username:
{code}



> Using management CLI with client configuration still prompts for username/password
> ----------------------------------------------------------------------------------
>
>                 Key: WFCORE-2136
>                 URL: https://issues.jboss.org/browse/WFCORE-2136
>             Project: WildFly Core
>          Issue Type: Bug
>            Reporter: Zach Rhoads
>
> When configuring the wildfly management cli to use an elytron client config file, server still prompts for username password.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list