[jboss-jira] [JBoss JIRA] (WFLY-8301) Picketlink trust domain config needs to be in attribute and not path

Darran Lofthouse (JIRA) issues at jboss.org
Fri Jul 7 12:35:00 EDT 2017


     [ https://issues.jboss.org/browse/WFLY-8301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse reassigned WFLY-8301:
--------------------------------------

    Assignee:     (was: Darran Lofthouse)


> Picketlink trust domain config needs to be in attribute and not path
> --------------------------------------------------------------------
>
>                 Key: WFLY-8301
>                 URL: https://issues.jboss.org/browse/WFLY-8301
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Tomaz Cerar
>
> Currently the trustdomain for PL federation is configured by adding a new sub resource under identity-provider.
> The problem is that the name of the trust domain resource you add is a URL.
> In case that URL is an IPv6 one in square brackets, [::1], this makes it an invalid path.
> Currently the testsuite relies on this to work, and by some miracle it works when configured via XML, but trying to do so with CLI fails, as [] are forbidden chars in a path (resource name).
> Example of CLI command:
> {{/subsystem=picketlink-federation/federation=federation-simple-redirect-binding/identity-provider=idp-redirect.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-redirect-with-signatures/identity-provider=idp-redirect-sig.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-simple-post-binding/identity-provider=idp-post.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-post-with-signatures/identity-provider=idp-post-sig.war/trust-domain=${public.ip}:add
> /subsystem=picketlink-federation/federation=federation-with-metadata/identity-provider=idp-metadata.war/trust-domain=${public.ip}:add}}
> where ${public.ip} can be 127.0.01 or [::1]
> I think, given that TrustDomainResourceDefinition has no attributes beyond its own name,
> it could be converted to a List<String> on the parent resource,
> or the name should be used only for an id, with an additional attribute that would represent the domain.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

