Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10237

Management HTTP API using security-realm for CLIENT_CERT authentication results in prompt for password instead of directly authenticating

XMLWordPrintable

    • Regression
    • Not Required
    • Hide

      The password to client keystore is clientKeyPassword

      1. copy attached truststore, keystore and config files to the server config directory
      2. start the server with standalone.xml
      3. go to https://localhost:9993 and use attached key-client.pkcs12 for authentication (you can add it in your browser), which is generated from the attached key-clientKeyAlias6297825450729746067.keystore via this command keytool -importkeystore -srckeystore key-clientKeyAlias6297825450729746067.keystore -srcstorepass clientKeyPassword -deststoretype pkcs12 -destkeystore key-client.pkcs12 -deststorepass clientKeyPassword
      4. management console should be loaded without prompting for user and password
      Show
      The password to client keystore is clientKeyPassword copy attached truststore, keystore and config files to the server config directory start the server with standalone.xml go to https://localhost:9993 and use attached key-client.pkcs12 for authentication (you can add it in your browser), which is generated from the attached key-clientKeyAlias6297825450729746067.keystore via this command keytool -importkeystore -srckeystore key-clientKeyAlias6297825450729746067.keystore -srcstorepass clientKeyPassword -deststoretype pkcs12 -destkeystore key-client.pkcs12 -deststorepass clientKeyPassword management console should be loaded without prompting for user and password

      Having defined CLIENT_CERT auth on HTTP management API with legacy security-realm causes that after requesting client cert, there is also required password.

      This is regression in comparison to EAP 7.0 and EAP 7.1.0.DR7, as such marking as blocker.

      For details how to reproduce see steps to reproduce

        1. key-client.pkcs12
          2 kB
          Radim Hatlapatka
        2. key-clientKeyAlias6297825450729746067.keystore
          2 kB
          Radim Hatlapatka
        3. key-serverKeyAlias5793743376124668286.keystore
          2 kB
          Radim Hatlapatka
        4. standalone.xml
          25 kB
          Radim Hatlapatka
        5. testmgmt-users.properties
          0.1 kB
          Radim Hatlapatka
        6. trust-clientCertificateAlias2330904312918742503.truststore
          0.8 kB
          Radim Hatlapatka
        7. trust-serverCertificateAlias6758670164790950710.truststore
          0.7 kB
          Radim Hatlapatka

              darran.lofthouse@redhat.com Darran Lofthouse
              rhatlapa@redhat.com Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Radim Hatlapatka Radim Hatlapatka (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: