Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7426

It is not possible to set secure-socket-binding without security-realm in HTTP management interface

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 7.1.0.DR9
    • 7.1.0.DR8
    • Security
    • None
    • Hide

      1) prepare Elytron configuration for SSL into standalone-elytron.xml - https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-SetupandConfigureAuthenticationfortheManagementInterfaces
      2) Add ssl-context to management-interface=http-interface:

      /core-service=management/management-interface=http-interface:write-attribute(name=ssl-context,value=httpsSSC)

      3) Try to set secure-socket-binding for management-interface=http-interface:

      /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding,value=management-https)
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set",
    "rolled-back" => true
}
      Show
      1) prepare Elytron configuration for SSL into standalone-elytron.xml - https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-SetupandConfigureAuthenticationfortheManagementInterfaces 2) Add ssl-context to management-interface=http-interface: /core-service=management/management- interface =http- interface :write-attribute(name=ssl-context,value=httpsSSC) 3) Try to set secure-socket-binding for management-interface=http-interface: /core-service=management/management- interface =http- interface :write-attribute(name=secure-socket-binding,value=management-https) { "outcome" => "failed" , "failure-description" => "WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set" , "rolled-back" => true }

      I am not able to add secure-socket-binding attribute for management-interface=http-interface resource which does not include security-realm attribute. This means that "Elytron-only" authentication and SSL configuration for HTTP interface is not possible.

      Trying this issue for management-interface=native-interface is blocked by JBEAP-7424.

      As workaround, if security-realm is also added then authentication with Elytron works correctly (added security-realm is not used because Elytron-related attributes in HTTP management interface have higher priority).

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: