  1. JBoss Enterprise Application Platform
  2. JBEAP-10424

Elytron, unable to use elytron ssl-context in server to host controller communication

Details

    Description

      In legacy it is possible to configure an ssl context for the connection from the application server back to its host controller in domain mode. This legacy configuration was added based on JBEAP-2514.

      I don't see an Elytron alternative such that it would be possible to configure an Elytron client ssl context.

      I have verified it is still possible to successfully configure domain mode in FIPS mode mixing 2 approaches:

      • Elytron for controller to controller communication
      • Legacy for server to controller communication.
      wildfly-config_5_0.xsd
          <xs:complexType name="serverType">
              <xs:all>
                  <xs:element name="paths" type="specified-pathsType" minOccurs="0" maxOccurs="1" />
      
                  <xs:element name="interfaces" type="specified-interfacesType" minOccurs="0"/>
                  <xs:element name="socket-bindings" type="server-socket-bindingsType" minOccurs="0"/>
      
                  <!--<xs:element name="loggers" type="loggersType" minOccurs="0"/>-->
                  <xs:element name="system-properties" type="properties-with-boottime" minOccurs="0"/>
                  <xs:element name="jvm" minOccurs="0" type="serverJvmType"/>
      
                  <xs:element name="ssl" minOccurs="0" type="server-sslType">
                      <xs:annotation>
                          <xs:documentation>
                              Configuration of the SSLContext used for the connection from the application server back to it's host controller.
                          </xs:documentation>
                      </xs:annotation>
                  </xs:element>
              </xs:all>
              <xs:attribute name="name" type="xs:string" use="required"/>
              <xs:attribute name="group" type="xs:string" use="required"/>
              <xs:attribute name="auto-start" type="xs:boolean" default="true"/>
              <xs:attribute name="update-auto-start-with-server-status" type="xs:boolean" default="false">
                  <xs:annotation>
                      <xs:documentation>
                          Iif the server last status (STARTED or STOPPED) is to be used to define the value of auto-start.
                      </xs:documentation>
                  </xs:annotation>
              </xs:attribute>
          </xs:complexType>
      

      I found the issue now as:

      • RFE was switched into Verification TODO in DR16
      • There existed, and still exist, a couple of related issues (JBEAP-8147, JBEAP-10060, JBEAP-9630) which hint this area is not working properly, so focus was on other areas.

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma