[jboss-jira] [JBoss JIRA] (WFLY-8937) Management/security-realm/authentication/users integration with credential reference is not correct.

Hynek Švábek (JIRA) issues at jboss.org
Thu Jun 15 04:27:01 EDT 2017


     [ https://issues.jboss.org/browse/WFLY-8937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hynek Švábek updated WFLY-8937:
-------------------------------
    Steps to Reproduce: 
* Copy the cs001.jceks keystore from the attachment to the JBOSS_HOME/standalone/data location, or update the path in the attached standalone.xml
* Run the EAP server with the attached standalone.xml configuration file.
* Three users are defined: one uses a password and the others use a credential store (clear-text password and store + alias)
** go to http://localhost:9990/console/App.html and use pepa/pepa123 credentials - it works (uses password attribute)
** go to http://localhost:9990/console/App.html and use hynek/hynek123 credentials - it doesn't work (uses credential-reference and store + alias)
** go to http://localhost:9990/console/App.html and use ondra/ondra123 credentials - it doesn't work (uses credential-reference and clear-text password)


* You can create your own credential store like this
{code}
/subsystem=elytron/credential-store=cs002:add(create=true, location=cs002.jceks, relative-to="jboss.server.data.dir", credential-reference={clear-text=pass123})
{code}
* You can add a new alias to the credential store like this
{code}
/subsystem=elytron/credential-store=cs002:add-alias(alias=newuseralias, secret-value=newuser123)
{code}
* and then add a new authentication user for management like this
{code}
/core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs002, alias=newuseralias})
{code}

Then you can try to log in to the management console http://localhost:9990/console/App.html
newuser/newuser123

  was:
* Copy the cs001.jceks keystore from the attachment to the JBOSS_HOME/standalone/data location, or update the path in the attached standalone.xml
* Run the EAP server with the attached standalone.xml configuration file.
* Three users are defined: one uses a password and the others use a credential store (clear-text password and store + alias)
** go to http://localhost:9990/console/App.html and use pepa/pepa123 credentials - it works (uses password attribute)
** go to http://localhost:9990/console/App.html and use hynek/hynek123 credentials - it doesn't work (uses credential-reference and store + alias)
** go to http://localhost:9990/console/App.html and use ondra/ondra123 credentials - it doesn't work (uses credential-reference and clear-text password)


* You can add a new alias to the credential store like this
{code}
/subsystem=elytron/credential-store=cs001:add-alias(alias=newuseralias, secret-value=newuser123)
{code}
* and then add a new authentication user for management like this
{code}
/core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs001, alias=newuseralias})
{code}

Then you can try to log in to the management console http://localhost:9990/console/App.html
newuser/newuser123

> Management/security-realm/authentication/users integration with credential reference is not correct.
> ----------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-8937
>                 URL: https://issues.jboss.org/browse/WFLY-8937
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> Management/security-realm/authentication/users integration with credential reference is not correct.
> When a user sets authentication/users instead of authentication/properties and adds a user there who has a credential-reference defined, then he is not able to log in to the management console.
> It must work, please check *Steps to Reproduce* section.


