- Bug
- Resolution: Done
- Minor
- 7.1.0.DR7
- None
The identity-mapping.otp-credential-mapper attribute of the Elytron ldap-realm should include an Object which should contain four required attributes: algorithm-from, hash-from, seed-from, sequence-from. All of these attributes are set as nillable=false.
However, the CLI allows running a command where the otp-credential-mapper attribute is added without any attributes, which is inconsistent with their nillable=false. See the following command:
/subsystem=elytron/ldap-realm=ldap-realm:add(dir-context=ldap,identity-mapping={rdn-identifier=uid,otp-credential-mapper={}})
Moreover, this command results in configuration XML without any otp-credential-mapper:
<ldap-realm name="ldap-realm" dir-context="ldap">
    <identity-mapping rdn-identifier="uid"/>
</ldap-realm>
When at least one of the required otp-credential-mapper attributes is added, the CLI command correctly fails:
/subsystem=elytron/ldap-realm=ldap-realm:add(dir-context=ldap,identity-mapping={rdn-identifier=uid,otp-credential-mapper={algorithm-from=atr}})
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0155: hash-from may not be null",
    "rolled-back" => true
}
Suggestion:
Do not allow adding identity-mapping.otp-credential-mapper without the required attributes.
- is cloned by: WFLY-7437 Inconsistencies in otp-credential-mapper attribute of Elytron ldap-realm (Closed)
- is incorporated by: JBEAP-7538 Upgrade Elytron Subsystem to 1.0.0.Alpha15 (Closed)
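
An added example, not part of the original report or the Elytron code base: a Python audit of a server configuration that flags ldap-realm entries where the otp-credential-mapper was silently dropped or lacks any of the four required attributes. The sample XML and its namespace are constructed, and the child-element form of otp-credential-mapper is an assumption.

```python
import xml.etree.ElementTree as ET

# Required otp-credential-mapper attributes, as listed in the report.
REQUIRED = ("algorithm-from", "hash-from", "seed-from", "sequence-from")

# Constructed sample. The first realm matches the XML shown in the report;
# the second assumes the mapper is persisted as a child element of
# identity-mapping. The namespace is a placeholder, not a real schema URN.
SAMPLE = """<subsystem xmlns="urn:example:elytron">
  <ldap-realm name="ldap-realm" dir-context="ldap">
    <identity-mapping rdn-identifier="uid"/>
  </ldap-realm>
  <ldap-realm name="otp-realm" dir-context="ldap">
    <identity-mapping rdn-identifier="uid">
      <otp-credential-mapper algorithm-from="otpAlg" hash-from="otpHash"/>
    </identity-mapping>
  </ldap-realm>
</subsystem>"""


def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def audit_ldap_realms(xml_text):
    """Return {realm name: finding} for every ldap-realm in the document."""
    findings = {}
    for realm in ET.fromstring(xml_text).iter():
        if local(realm.tag) != "ldap-realm":
            continue
        mappers = [e for e in realm.iter()
                   if local(e.tag) == "otp-credential-mapper"]
        if not mappers:
            # The state the empty-object add leaves behind: no mapper at all.
            findings[realm.get("name")] = "no otp-credential-mapper persisted"
            continue
        # An absent or empty attribute value both count as missing.
        missing = [a for a in REQUIRED if not mappers[0].get(a)]
        findings[realm.get("name")] = (
            "missing: " + ", ".join(missing) if missing else "ok")
    return findings


if __name__ == "__main__":
    for name, finding in audit_ldap_realms(SAMPLE).items():
        print(f"{name}: {finding}")
```

A realm reported as "no otp-credential-mapper persisted" is only a finding when OTP was intended for that realm; the audit cannot tell intent from the XML alone.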