[jboss-jira] [JBoss JIRA] (WFCORE-2510) Configuring automatic identity outflow causes the source domain to stop working
Brian Stansberry (JIRA)
issues at jboss.org
Thu Mar 9 07:09:00 EST 2017
[ https://issues.jboss.org/browse/WFCORE-2510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry updated WFCORE-2510:
-------------------------------------
Description:
When you configure an Elytron security domain to automatically outflow identities from it to a different domain, the source domain stops working.
How to reproduce:
1. configure management interface to be secured by Elytron ManagementDomain:
{noformat}
/core-service=management/access=identity:add(security-domain=ManagementDomain)
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
{noformat}
2. configure ManagementDomain to outflow its identity somewhere, eg. ApplicationDomain:
{noformat}
/subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=outflow-security-domains,value=[ApplicationDomain])
{noformat}
3. Reload the server
4. Try to invoke any operation using CLI, it will fail:
{noformat}
[standalone at localhost:9990 /] :whoami
Failed to perform read-operation-description: java.util.concurrent.ExecutionException: Operation failed: Operation failed: java.lang.NullPointerException:null
{noformat}
> Configuring automatic identity outflow causes the source domain to stop working
> -------------------------------------------------------------------------------
>
> Key: WFCORE-2510
> URL: https://issues.jboss.org/browse/WFCORE-2510
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Bartosz Baranowski
> Assignee: Bartosz Baranowski
>
> When you configure an Elytron security domain to automatically outflow identities from it to a different domain, the source domain stops working.
> How to reproduce:
> 1. configure management interface to be secured by Elytron ManagementDomain:
> {noformat}
> /core-service=management/access=identity:add(security-domain=ManagementDomain)
> /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
> /core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
> /core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
> {noformat}
> 2. configure ManagementDomain to outflow its identity somewhere, eg. ApplicationDomain:
> {noformat}
> /subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=outflow-security-domains,value=[ApplicationDomain])
> {noformat}
> 3. Reload the server
> 4. Try to invoke any operation using CLI, it will fail:
> {noformat}
> [standalone at localhost:9990 /] :whoami
> Failed to perform read-operation-description: java.util.concurrent.ExecutionException: Operation failed: Operation failed: java.lang.NullPointerException:null
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list