Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR13
Affects Version/s: 7.1.0.DR11
Component/s: Security
Labels:
- authentication-client
- management-model

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

1) setup authentication-context:

/subsystem=elytron/authentication-configuration=auth-config:add(authentication-name=user1,realm=ManagementRealm,allow-sasl-mechanisms=[DIGEST-MD5],credential-reference={clear-text=pass@123}) /subsystem=elytron/authentication-context=auth-context:add(match-rules=[{match-host=localhost,authentication-configuration=auth-config}])

2) use following http-interface:

<http-interface http-authentication-factory="management-http-authentication"> <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/> <socket-binding http="management-http"/> </http-interface>

3) add user:

./bin/add-user.sh -u user1 -p pass@123 -r ManagementRealm

4) deploy application for whoami operation (see attachments)

5) access http://127.0.0.1:8080/AuthnContextApp/directCall. default-authentication-context is not set, so $local is displayed correctly

6) set default-authentication-context

/subsystem=elytron:write-attribute(name=default-authentication-context,value=auth-context) {"outcome" => "success"}

7) access http://127.0.0.1:8080/AuthnContextApp/directCall again. Result is still $local.

8) Reload server and access http://127.0.0.1:8080/AuthnContextApp/directCall again. Result is user1.
Show
1) setup authentication-context: /subsystem=elytron/authentication-configuration=auth-config:add(authentication-name=user1,realm=ManagementRealm,allow-sasl-mechanisms=[DIGEST-MD5],credential-reference={clear-text=pass@123}) /subsystem=elytron/authentication-context=auth-context:add(match-rules=[{match-host=localhost,authentication-configuration=auth-config}]) 2) use following http-interface: <http- interface http-authentication-factory= "management-http-authentication" > <http-upgrade enabled= " true " sasl-authentication-factory= "management-sasl-authentication" /> <socket-binding http= "management-http" /> </http- interface > 3) add user: ./bin/add-user.sh -u user1 -p pass@123 -r ManagementRealm 4) deploy application for whoami operation (see attachments) 5) access http://127.0.0.1:8080/AuthnContextApp/directCall . default-authentication-context is not set, so $local is displayed correctly 6) set default-authentication-context /subsystem=elytron:write-attribute(name= default -authentication-context,value=auth-context) { "outcome" => "success" } 7) access http://127.0.0.1:8080/AuthnContextApp/directCall again. Result is still $local . 8) Reload server and access http://127.0.0.1:8080/AuthnContextApp/directCall again. Result is user1 .

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

In case when Elytron subsystem attribute default-authentication-context is changed (through write-attribute or undefine-attribute operation) then operation succeed and server is NOT set to reload-required state. However changed value is not used until server is reload.

Before fixing, it must be decided whether change of default-authentication-context should require server reload or not. rhn-support-dlofthouse What should be correct behavior?

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

AuthnContextApp.war
5 kB
2017/02/13 1:10 AM

is cloned by

WFLY-8090 Changing Elytron default-authentication-context requires server restart

Closed

is incorporated by

JBEAP-8893 Upgrade Elytron Subsystem to 1.0.0.Beta10

Closed

Assignee:: Darran Lofthouse

Reporter:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/02/13 1:12 AM

Updated:: 2024/09/02 4:45 PM

Resolved:: 2017/02/24 8:40 AM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates