Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9034

Configuring automatic identity outflow causes the source domain to stop working

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.DR14
    • 7.1.0.DR12
    • Security
    • None

    Description

      When you configure an Elytron security domain to automatically outflow identities from it to a different domain, the source domain stops working.

      How to reproduce:
      1. configure management interface to be secured by Elytron ManagementDomain:

      /core-service=management/access=identity:add(security-domain=ManagementDomain)
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)

      2. configure ManagementDomain to outflow its identity somewhere, eg. ApplicationDomain:

      /subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=outflow-security-domains,value=[ApplicationDomain])

      3. Reload the server
      4. Try to invoke any operation using CLI, it will fail:

      [standalone@localhost:9990 /] :whoami
Failed to perform read-operation-description: java.util.concurrent.ExecutionException: Operation failed: Operation failed: java.lang.NullPointerException:null

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8448 Batch subsystem needs automatic outflow of security identity from trusted security domains

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          clones

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2510 Configuring automatic identity outflow causes the source domain to stop working

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          relates to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ELY-835 SecurityIdentity Automatic Outflow

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              rhn-cservice-bbaranow Bartosz Baranowski
              jmartisk@redhat.com Jan Martiska
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours
                  2h