Details
Description
Hi, I'd like somebody co confirm, what will be supported way of configuring JAAS Realms in Fuse 7.
Fuse 6.x (Karaf 2.x)
User would create blueprint.xml with jaas:config section and deploy it as a bundle or xml into fuse.
Red Hat Documentation: https://access.redhat.com/documentation/en/red-hat-jboss-fuse/6.3/single/security-guide#ESBSecureJAASRealmDef
Upstream github sources for karaf / jaas / modules:
https://github.com/apache/karaf/tree/karaf-2.3.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules
Found login modules:
- jdbc/JDBCLoginModule.java
- ldap/LDAPLoginModule.java
- osgi/OsgiConfigLoginModule.java
- properties/PropertiesLoginModule.java
- publickey/PublickeyLoginModule.java
- syncope/SyncopeLoginModule.java
Fuse 7 (Karaf 4.x)
Upstream documentation: https://karaf.apache.org/manual/latest/#_security_framework
Upstream github sources for karaf / jaas / modules:
https://github.com/apache/karaf/tree/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules
Found login modules:
- audit/FileAuditLoginModule.java
- audit/LogAuditLoginModule.java
- audit/EventAdminAuditLoginModule.java
- jdbc/JDBCLoginModule.java
- krb5/Krb5LoginModule.java
- ldap/LDAPLoginModule.java
- ldap/GSSAPILdapLoginModule.java
- osgi/OsgiConfigLoginModule.java
- properties/PropertiesLoginModule.java
- properties/DigestPasswordLoginModule.java
- publickey/PublickeyLoginModule.java
- syncope/SyncopeLoginModule.java
Compared with Karaf 2.x there is new login module for Krb5 and GSSAPI.
Questions:
- Will configuration of JAAS Realms remain the same in Fuse 7 (declare blueprint.xml with jaas:config section) ?
- Can we expect Keycloak login module (configurable by blueprint jaas:config section) ?
- Karaf 2.x used karaf-jaas-modules.xml for "publishing" default jaas realms to container. Karaf 4.x doesn't blueprint for this. How does this change affect Fuse 7 ?
Attachments
Issue Links
- is related to
-
ENTESB-5238 Fabric8 should properly support certificate-based console authentication
- Closed