- Bug
- Resolution: Done
- Blocker
- 7.1.0.DR12
- None
When you configure an Elytron security domain to automatically outflow identities from it to a different domain, the source domain stops working.
How to reproduce:
1. Configure the management interface to be secured by the Elytron ManagementDomain:
    /core-service=management/access=identity:add(security-domain=ManagementDomain)
    /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
    /core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
    /core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
2. Configure ManagementDomain to outflow its identity somewhere, e.g. to ApplicationDomain:
    /subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=outflow-security-domains,value=[ApplicationDomain])
3. Reload the server.
4. Try to invoke any operation using the CLI; it will fail:
    [standalone@localhost:9990 /] :whoami
    Failed to perform read-operation-description: java.util.concurrent.ExecutionException: Operation failed: Operation failed: java.lang.NullPointerException:null
- blocks: JBEAP-8448 Batch subsystem needs automatic outflow of security identity from trusted security domains (Closed)
- clones: WFCORE-2510 Configuring automatic identity outflow causes the source domain to stop working (Resolved)
- relates to: ELY-835 SecurityIdentity Automatic Outflow (Resolved)