[jboss-jira] [JBoss JIRA] (WFCORE-2009) Management SSL Configuration always requires Security Realm

Zach Rhoads (JIRA) issues at jboss.org
Thu Nov 17 15:51:00 EST 2016


Zach Rhoads created WFCORE-2009:
-----------------------------------

             Summary: Management SSL Configuration always requires Security Realm
                 Key: WFCORE-2009
                 URL: https://issues.jboss.org/browse/WFCORE-2009
             Project: WildFly Core
          Issue Type: Bug
            Reporter: Zach Rhoads
            Assignee: Darran Lofthouse


When configuring SSL/TLS for the management interfaces, you need to specify (an ssl-context or a security-realm) and a secure-socket-binding. When using ssl-context and secure-socket-binding, it fails with:

{code}
"WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set"
{code}

Failing operations:


{code:java}
batch

/subsystem=elytron/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)

/subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret})

/subsystem=elytron/server-ssl-context=httpsSSC:add(key-managers=httpsKM,protocols=["TLSv1.1"])

/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=httpsSSC)

/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)

run-batch

reload
{code}


Oddly, this will pass (specifying BOTH ssl-context and security-realm):


{code:java}
batch

/subsystem=elytron/key-store=httpsKS:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)

/subsystem=elytron/key-managers=httpsKM:add(key-store=httpsKS,algorithm="SunX509",credential-reference={clear-text=secret})

/subsystem=elytron/server-ssl-context=httpsSSC:add(key-managers=httpsKM,protocols=["TLSv1.1"])

/core-service=management/management-interface=http-interface:write-attribute(name=ssl-context, value=httpsSSC)

/core-service=management/management-interface=http-interface:write-attribute(name=security-realm, value=ManagementDomain)

/core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding, value=management-https)

run-batch

reload
{code}





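The attribute dependency described in the report can be modelled as a small pre-flight check over a CLI batch. This is an added example, not code from the report or from WildFly. The rule names `alternatives` (what the reporter expects) and `realm-only` (what the reporter observed) are assumptions made for illustration, and the check models the "set before" ordering only as presence within the batch.

```python
import re

# Matches the write-attribute form used in the report's batches.
WRITE_ATTR = re.compile(
    r"^/core-service=management/management-interface=(?P<iface>[\w-]+)"
    r":write-attribute\(\s*name=(?P<name>[\w-]+)\s*,\s*value=(?P<value>[^)]+?)\s*\)$"
)

def interface_attributes(batch_text):
    """Collect the attributes a batch writes on each management interface."""
    attrs = {}
    for line in batch_text.splitlines():
        m = WRITE_ATTR.match(line.strip())
        if m:
            attrs.setdefault(m["iface"], {})[m["name"]] = m["value"]
    return attrs

def check(batch_text, rule="alternatives"):
    """Return a list of problems found in the batch.

    rule="alternatives": ssl-context OR security-realm satisfies
                         secure-socket-binding (behaviour the reporter expects).
    rule="realm-only":   only security-realm satisfies it (behaviour reported).
    Both rule names are hypothetical labels, not WildFly terms.
    """
    accepted = {"alternatives": ("ssl-context", "security-realm"),
                "realm-only": ("security-realm",)}[rule]
    problems = []
    for iface, attrs in interface_attributes(batch_text).items():
        if "secure-socket-binding" in attrs and not any(a in attrs for a in accepted):
            problems.append(f"{iface}: secure-socket-binding set without "
                            + " or ".join(accepted))
    return problems

# Constructed sample input: the management-interface lines of the two batches above.
MGMT = "/core-service=management/management-interface=http-interface:write-attribute"
SSL = MGMT + "(name=ssl-context, value=httpsSSC)"
REALM = MGMT + "(name=security-realm, value=ManagementDomain)"
BINDING = MGMT + "(name=secure-socket-binding, value=management-https)"
FAILING = "\n".join([SSL, BINDING])          # first batch in the report
PASSING = "\n".join([SSL, REALM, BINDING])   # second batch in the report

if __name__ == "__main__":
    for name, batch in (("ssl-context only", FAILING), ("ssl-context + realm", PASSING)):
        for rule in ("alternatives", "realm-only"):
            print(f"{name:20} {rule:13} {check(batch, rule) or 'ok'}")
```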