Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11568

Management/security-realm/authentication/users integration with credential reference is not correct.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.ER2
    • 7.1.0.ER1
    • Security
    • None
    • Hide
      • Copy cs001.jceks keystore from attachment to JBOSS_HOME/standalone/data location or update path on attached standalone.xml
      • Run EAP server with standalone.xml configuration file which is attached.
      • There are defined three users one uses password and others use credential store (clear-text password and store + alias)
      • You can create your own credential store like that 
        /subsystem=elytron/credential-store=cs002:add(create=true, location=cs002.jceks, relative-to="jboss.server.data.dir", credential-reference={clear-text=pass123})
      • You can add there new alias to credential store like that 
        /subsystem=elytron/credential-store=cs002:add-alias(alias=newuseralias, secret-value=newuser123)
      • and then add there new authentication user for management like that 
        /core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs002, alias=newuseralias})

      Then you can try log in to management console http://localhost:9990/console/App.html
      newuser/newuser123

      Show
      Copy cs001.jceks keystore from attachment to JBOSS_HOME/standalone/data location or update path on attached standalone.xml Run EAP server with standalone.xml configuration file which is attached. There are defined three users one uses password and others use credential store (clear-text password and store + alias) go to http://localhost:9990/console/App.html and use pepa/pepa123 credentials - it works (uses password attribute) go to http://localhost:9990/console/App.html and use hynek/hynek123 credentials - it doesn't work (uses credential-reference and store + alias) go to http://localhost:9990/console/App.html and use ondra/ondra123 credentials - it doesn't work (uses credential-reference and clear-text password) You can create your own credential store like that /subsystem=elytron/credential-store=cs002:add(create= true , location=cs002.jceks, relative-to= "jboss.server.data.dir" , credential-reference={clear-text=pass123}) You can add there new alias to credential store like that /subsystem=elytron/credential-store=cs002:add-alias(alias=newuseralias, secret-value=newuser123) and then add there new authentication user for management like that /core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs002, alias=newuseralias}) Then you can try log in to management console http://localhost:9990/console/App.html newuser/newuser123

      Management/security-realm/authentication/users integration with credential reference is not correct.

      When user set authentication/users instead of authentication/properties and add there user who has defined credential-reference then he is not able to log in to management console.

      It must work, please check Steps to Reproduce section.

        1. cs001.jceks
          2 kB
        2. standalone.xml
          29 kB

              ehugonne1@redhat.com Emmanuel Hugonnet
              hsvabek_jira Hynek Švábek (Inactive)
              Hynek Švábek Hynek Švábek (Inactive)
              Hynek Švábek Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: