Details
-
Bug
-
Resolution: Done
-
Critical
-
EAP71 1.1.0.GA, EAPCD 12.0.GA
Description
So I've taken a look at our current Elytron configuration integration provided by cct_module/os-eap7-launch/added/launch/elytron.sh. Currently there are few problems and enhancement options. Let's sum it up in points:
- Currently it's broken IMO because of:
<file path=\"${HTTPS_KEYSTORE}\" relative-to=\"${HTTPS_KEYSTORE_DIR}\"/>\n\Attribute relative-to expects AFAIK directory variable (and not relative path) (check it here) and mounting secret containing keystore to path in server dir is not the way IMO.
- Second - I don't understand much to this condition. Once I have HTTPS_PASSWORD (see the preceding condition in the source) why I would need to set HTTPS_KEY_PASSWORD as well ? I am not sure whether key-store should use different password than key-manager (maybe yes?).
- Finally I don't really consider switching to Elytron as smooth. I would expect only to set the CONFIGURE_ELYTRON_SSL to true and would expect my app more or less working but I need to provide all those variables which doesn't reflect original configuration described by https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/red_hat_jboss_enterprise_application_platform_for_openshift/#https_env_variables.
Attachments
Issue Links
- blocks
-
CLOUD-2036 [SSO] Enable configuration of cipher suites
-
- New
-
- is related to
-
-
- Closed
-
- relates to
-
-
- Verified
-
-
-
- Closed
-
