Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-6763

Inconsistencies in otp-credential-mapper attribute of Elytron ldap-realm

    XMLWordPrintable

Details

    Description

      Attribute identity-mapping.otp-credential-mapper from Elytron ldap-realm should include Object which should contain four required attributes - algorithm-from, hash-from, seed-from, sequence-from. All of these attributes are set as nillable=false.

      However CLI allows to run command where otp-credential-mapper attribute is added without any attributes which is inconsistent with their nillable=false. See following command:

      /subsystem=elytron/ldap-realm=ldap-realm:add(dir-context=ldap,identity-mapping={rdn-identifier=uid,otp-credential-mapper={}})

      Moreover, this command results to configuration xml without any otp-credential-mapper:

      <ldap-realm name="ldap-realm" dir-context="ldap">
    <identity-mapping rdn-identifier="uid"/>
</ldap-realm>

      In case when at least one of otp-credential-mapper required attribute is added, then CLI command correctly fails:

      /subsystem=elytron/ldap-realm=ldap-realm:add(dir-context=ldap,identity-mapping={rdn-identifier=uid,otp-credential-mapper={algorithm-from=atr}})
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0155: hash-from may not be null",
    "rolled-back" => true
}

      Suggestion:
      Do not allow to add identity-mapping.otp-credential-mapper without required attributes.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFLY-7437 Inconsistencies in otp-credential-mapper attribute of Elytron ldap-realm

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-7538 Upgrade Elytron Subsystem to 1.0.0.Alpha15

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: