Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-20131

(7.3.z) Elytron is unable to use legacy realms in admin-only mode

    XMLWordPrintable

Details

    Description

      We use an legacy loginmodule following the elytron documentation:

      <susbsytem xmlns="urn:jboss:domain:security:2.0">
      ...
      <elytron-integration>
         <security-realms>
           <elytron-realm name="legacy-web-realm" legacy-jaas-config="legacy-web-domain"/>
      </security-realms>

      ...
      <subsystem xmlns="urn:wildfly:elytron:4.0"
      ...
         <security-domains>
            <security-domain name="app-web-domain" default-realm="legacy-web-realm" permission-mapper="default-permission-mapper">
                      <realm name="legacy-web-realm" />}
                 </security-domain>
      ....

      This works fine if we configure the server manually.

      If we configure the server automatically, we start the server in admin-only modus. This leads to the follwing error:

      16:05:01,584 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
       ("subsystem" => "elytron"),
       ("security-domain" => "app-web-domain")
      ]) - failure description: {
       "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.legacy-web-realm"],
       "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.app-web-domain.initial is missing [org.wildfly.security.security-realm.legacy-web-realm]"]
      }

      It's also not possible to configure the elytron security with CLI if the server runs in admin-only.

      [standalone@186.22.140.164:10590 /] /subsystem=elytron/security-domain=app-web-domain:add(realms=[{realm=
      ApplicationRealm legacy-web-realm local ManagementRealm
      {{[standalone@186.22.140.164:10590 /] /subsystem=elytron/security-domain=app-web-domain:add(realms=[

      {realm=legacy-web-realm}

      ],default-realm=legacy-web-realm)}}
      16:13:09,583 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) WFLYCTL0013: Operation ("add") failed - address: ([
       ("subsystem" => "elytron"),
       ("security-domain" => "app-web-domain")
      ]) - failure description: {
       "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.security-realm.legacy-web-realm"],
       "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.security.security-domain.app-web-domain.initial is missing [org.wildfly.security.security-realm.legacy-web-realm]"]
      }

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-4407 Cannot configure Elytron security domain using embedded server in admin mode

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              danielstraub Daniel Straub
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: