JBoss Enterprise Application Platform / JBEAP-24669

[GSS](7.4.z) applicationSSC is required when running enable-elytron-se17.cli / enable-elytron-se17-domain.cli


      If a user just takes their EAP 7.3 config and puts it into EAP 7.4, I removed the tech preview MP subsystems from the standalone.xml and put this into EAP 7.4 and ran:

      ./bin/jboss-cli.sh --file=docs/examples/enable-elytron-se17.cli 

      or

      Run the jboss-server-migration

      jboss-eap-7.4 bmaxwell$ ./bin/jboss-server-migration.sh -s /tmp/jboss-eap-7.3/ -t . 
      ./bin/jboss-cli.sh --file=docs/examples/enable-elytron-se17.cli

       


      This error results when running enable-elytron-se17.cli if a user is using an older EAP 7.x configuration (or perhaps removed applicationSSC).

      We should make sure applicationSSC is defined, since enable-elytron-se17.cli depends on it. This might mean modifying the .cli to check (and add if needed), or perhaps jboss-server-migration.sh should add the applicationSSC when migrating.

      jboss-eap-7.4 $ ./bin/jboss-cli.sh --file=./docs/examples/enable-elytron-se17.cli 
      INFO: Updating configuration to use elytron
      INFO: Adding http-authentication-factory=application-http-authentication to Elytron
      {"outcome" => "success"}
      INFO: Adding application-security-domain=other to Undertow
      {"outcome" => "success"}
      INFO: Configuring the Undertow https listener
      The batch failed with the following error (you are remaining in the batch editing mode to have a chance to correct the error): 
      WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:
      Step: step-2
      Operation: /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=applicationSSC)
      Failure: WFLYCTL0369: Required capabilities are not available:
          org.wildfly.security.ssl-context.applicationSSC; Possible registration points for this capability: 
              /subsystem=elytron/server-ssl-context=*
              /subsystem=elytron/client-ssl-context=*
              /subsystem=elytron/server-ssl-sni-context=*

      These are the missing commands needed to resolve the error:

      /subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},path=application.keystore,relative-to=jboss.server.config.dir,type=JKS)
      /subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, generate-self-signed-certificate-host=localhost, credential-reference={clear-text=password})
      /subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM) 

            ssur@redhat.com Sudeshna Sur (Inactive)
            rhn-support-bmaxwell Brad Maxwell
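A pre-flight check for the failure above, as an added example that is not part of the original issue or of EAP: it reads a standalone configuration and returns only those commands from the issue whose resources are missing, so a config that already defines applicationKS does not fail on a duplicate add. The function names, the sample XML and the match on a `urn:wildfly:elytron:<version>` namespace are assumptions.

```python
import xml.etree.ElementTree as ET

# Resources the https-listener step needs, in creation order, each paired with
# the command quoted in the issue.
REQUIRED = [
    ("key-store", "applicationKS",
     "/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},"
     "path=application.keystore,relative-to=jboss.server.config.dir,type=JKS)"),
    ("key-manager", "applicationKM",
     "/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, "
     "generate-self-signed-certificate-host=localhost, credential-reference={clear-text=password})"),
    ("server-ssl-context", "applicationSSC",
     "/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)"),
]

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag

def missing_commands(config_xml):
    """Return the CLI commands for required Elytron resources absent from the config."""
    root = ET.fromstring(config_xml)
    for elem in root.iter():
        ns, name = split_tag(elem.tag)
        # Assumption: the subsystem namespace has the form urn:wildfly:elytron:<version>.
        if name == "subsystem" and ns.startswith("urn:wildfly:elytron:"):
            defined = {(split_tag(e.tag)[1], e.get("name")) for e in elem.iter()}
            return [cmd for kind, res, cmd in REQUIRED if (kind, res) not in defined]
    raise ValueError("no elytron subsystem found in configuration")

# Constructed sample (not from the issue; namespace versions are illustrative):
# an older-style config that defines the key store but neither the key manager
# nor the SSL context.
SAMPLE_OLD_CONFIG = """<server xmlns="urn:jboss:domain:10.0"><profile>
  <subsystem xmlns="urn:wildfly:elytron:8.0"><tls><key-stores>
    <key-store name="applicationKS">
      <credential-reference clear-text="password"/>
      <implementation type="JKS"/>
      <file path="application.keystore" relative-to="jboss.server.config.dir"/>
    </key-store>
  </key-stores></tls></subsystem>
</profile></server>"""

if __name__ == "__main__":
    for command in missing_commands(SAMPLE_OLD_CONFIG):
        print(command)
```

An empty result means the three resources are already defined and enable-elytron-se17.cli can be run as is.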