Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11568

Management/security-realm/authentication/users integration with credential reference is not correct.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER2
    • 7.1.0.ER1
    • Security
    • None
    • Hide
      • Copy cs001.jceks keystore from attachment to JBOSS_HOME/standalone/data location or update path on attached standalone.xml
      • Run EAP server with standalone.xml configuration file which is attached.
      • There are defined three users one uses password and others use credential store (clear-text password and store + alias)
      • You can create your own credential store like that 
        /subsystem=elytron/credential-store=cs002:add(create=true, location=cs002.jceks, relative-to="jboss.server.data.dir", credential-reference={clear-text=pass123})
      • You can add there new alias to credential store like that 
        /subsystem=elytron/credential-store=cs002:add-alias(alias=newuseralias, secret-value=newuser123)
      • and then add there new authentication user for management like that 
        /core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs002, alias=newuseralias})

      Then you can try log in to management console http://localhost:9990/console/App.html
      newuser/newuser123

      Show
      Copy cs001.jceks keystore from attachment to JBOSS_HOME/standalone/data location or update path on attached standalone.xml Run EAP server with standalone.xml configuration file which is attached. There are defined three users one uses password and others use credential store (clear-text password and store + alias) go to http://localhost:9990/console/App.html and use pepa/pepa123 credentials - it works (uses password attribute) go to http://localhost:9990/console/App.html and use hynek/hynek123 credentials - it doesn't work (uses credential-reference and store + alias) go to http://localhost:9990/console/App.html and use ondra/ondra123 credentials - it doesn't work (uses credential-reference and clear-text password) You can create your own credential store like that /subsystem=elytron/credential-store=cs002:add(create= true , location=cs002.jceks, relative-to= "jboss.server.data.dir" , credential-reference={clear-text=pass123}) You can add there new alias to credential store like that /subsystem=elytron/credential-store=cs002:add-alias(alias=newuseralias, secret-value=newuser123) and then add there new authentication user for management like that /core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs002, alias=newuseralias}) Then you can try log in to management console http://localhost:9990/console/App.html newuser/newuser123

    Description

      Management/security-realm/authentication/users integration with credential reference is not correct.

      When user set authentication/users instead of authentication/properties and add there user who has defined credential-reference then he is not able to log in to management console.

      It must work, please check Steps to Reproduce section.

      Attachments

        1. cs001.jceks
          2 kB
        2. standalone.xml
          29 kB

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9321 There is missing CS integration with core management

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2963 Management/security-realm/authentication/users integration with credential reference is not correct.

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-11466 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta28

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              ehugonne1@redhat.com Emmanuel Hugonnet
              hsvabek_jira Hynek Švábek (Inactive)
              Hynek Švábek Hynek Švábek (Inactive)
              Hynek Švábek Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: