[jboss-jira] [JBoss JIRA] (WFWIP-316) Different behaviour of ADMIN_PASSWORD and securing management interface

Darran Lofthouse (Jira) issues at jboss.org
Wed May 13 03:47:20 EDT 2020


    [ https://issues.redhat.com/browse/WFWIP-316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14094934#comment-14094934 ] 

Darran Lofthouse commented on WFWIP-316:
----------------------------------------

Would it be possible to clarify what the current situation is?  In some of these areas I think it may be better to check on our terminology as it can have some big implications on what is being discussed.

{quote}
By default, the CLI allows unsecure local access. 
{quote}

This one stuck out a little bit: the management endpoint is either secured or it is not secured; there is no middle ground.  The CLI isn't involved in making an "unsecured decision" - what we do have is a local authentication mechanism which verifies the CLI is executing locally to the application server, but this should not be described as "unsecured" as it is still very much an authentication mechanism.

 

> Different behaviour of ADMIN_PASSWORD and securing management interface
> -----------------------------------------------------------------------
>
>                 Key: WFWIP-316
>                 URL: https://issues.redhat.com/browse/WFWIP-316
>             Project: WildFly WIP
>          Issue Type: Bug
>          Components: OpenShift
>            Reporter: Martin Choma
>            Assignee: Jeff Mesnil
>            Priority: Critical
>              Labels: EAP-XP1
>
> With the XP image, a test where the {{ADMIN_PASSWORD}} env var is empty started to fail, because the test is expecting the management interface to be unsecured in that case. But this does not happen, and the management interface is secured with a SASL authentication factory. The test is using the CLI, so it is SASL which is used for accessing the management interface.
> It seems that in other images, CD, 7.3.0.GA (with legacy security in place), when {{ADMIN_PASSWORD}} was empty the management interface was left unsecured.
> It seems to me we should be consistent between the legacy security and Elytron approaches to securing OpenShift images.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

