JBoss Enterprise Application Platform / JBEAP-10237

Management HTTP API using security-realm for CLIENT_CERT authentication results in prompt for password instead of directly authenticating

Details

    • Regression
    • Not Required
    • Steps to Reproduce:

      The password to the client keystore is clientKeyPassword.

      1. Copy the attached truststore, keystore and config files to the server config directory.
      2. Start the server with standalone.xml.
      3. Go to https://localhost:9993 and use the attached key-client.pkcs12 for authentication (you can add it in your browser). It is generated from the attached key-clientKeyAlias6297825450729746067.keystore via this command:
         keytool -importkeystore -srckeystore key-clientKeyAlias6297825450729746067.keystore -srcstorepass clientKeyPassword -deststoretype pkcs12 -destkeystore key-client.pkcs12 -deststorepass clientKeyPassword
      4. The management console should be loaded without prompting for user and password.

    Description

      Defining CLIENT_CERT authentication on the HTTP management API with a legacy security-realm causes a password to be required as well after the client certificate has been requested.

      This is a regression in comparison to EAP 7.0 and EAP 7.1.0.DR7, and as such it is marked as a blocker.

      For details on how to reproduce, see the steps to reproduce.
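
The check in steps 3 and 4 can be scripted instead of done in a browser. The following is an added example, not part of the original issue or its attachments: it presents key-client.pkcs12 to the management endpoint and classifies the response, reporting a 401 with a WWW-Authenticate challenge as the password prompt described here. The /management path, a curl build with PKCS#12 support, and the sample headers are assumptions.

```shell
#!/bin/sh
# Added example (not from the issue): regression check for CLIENT_CERT
# authentication on the EAP HTTP management interface.

# Classify a response header dump read from stdin. Prints:
#   cert-auth-ok     2xx/3xx without a challenge: the certificate alone sufficed
#   password-prompt  401 plus WWW-Authenticate: the behaviour this issue reports
#   other:<status>   anything else (403, 5xx, or 0 if no response was received)
classify_mgmt_response() {
    awk '
        { sub(/\r$/, "") }                      # strip CR from CRLF line ends
        NR == 1 { status = $2 + 0 }             # status line: HTTP/x.y CODE ...
        tolower($1) == "www-authenticate:" { challenge = 1 }
        END {
            if (status == 401 && challenge) print "password-prompt"
            else if (status >= 200 && status < 400 && !challenge) print "cert-auth-ok"
            else print "other:" status + 0
        }'
}

# Probe a running server with the client certificate.
#   $1 = PKCS#12 file, $2 = its password, $3 = URL (optional)
# Assumptions: /management is the HTTP management API path; -k is used only
# because the reproduction keystore is not trusted by the local CA bundle.
probe_mgmt() {
    curl -sk --cert-type P12 --cert "$1:$2" -o /dev/null -D - \
        "${3:-https://localhost:9993/management}" | classify_mgmt_response
}

# Constructed sample of what a regressed server would send after the TLS
# handshake (header values are illustrative, not captured output).
sample_regressed_headers() {
    printf 'HTTP/1.1 401 Unauthorized\r\n'
    printf 'WWW-Authenticate: Digest realm="ManagementRealm"\r\n'
    printf 'Content-Length: 0\r\n\r\n'
}

# Usage against the reproduction setup from the steps above:
#   probe_mgmt key-client.pkcs12 clientKeyPassword
```

Run in CI against each build, this fails as soon as the management interface falls back to a username/password mechanism for a client that has already presented a trusted certificate.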

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              rhatlapa@redhat.com Radim Hatlapatka (Inactive)