[jboss-jira] [JBoss JIRA] (WFLY-8301) Picketlink trust domain config needs to be in attribute and not path
Tomaz Cerar (JIRA)
issues at jboss.org
Mon Mar 6 11:24:01 EST 2017
Tomaz Cerar created WFLY-8301:
---------------------------------
Summary: Picketlink trust domain config needs to be in attribute and not path
Key: WFLY-8301
URL: https://issues.jboss.org/browse/WFLY-8301
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Tomaz Cerar
Assignee: Darran Lofthouse
Currently trustdomain for PL federation is configured by adding new sub resource under idenity-provider
Problem is that name of the trust domain resource you add is an url.
In case that URL is ipv6 one in square brackets [::1] this makes it a invalid path.
Currently testsuite relies on this to work, and by some miracle it works when configured via XML, but trying to do so with CLI fails as [] are forbidden chars in path (resource name)
example of CLI command
{{/subsystem=picketlink-federation/federation=federation-simple-redirect-binding/identity-provider=idp-redirect.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-redirect-with-signatures/identity-provider=idp-redirect-sig.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-simple-post-binding/identity-provider=idp-post.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-post-with-signatures/identity-provider=idp-post-sig.war/trust-domain=${public.ip}:add
/subsystem=picketlink-federation/federation=federation-with-metadata/identity-provider=idp-metadata.war/trust-domain=${public.ip}:add}}
where ${public.ip} can be 127.0.01 or [::1]
I think given that TrustDomainResourceDefinition has no attributes beyond own name.
it could be converted to a List<String> on parent resource.
or name should be used only for id, with additional attribute that would represent domain.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list