Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR16
Affects Version/s: 7.1.0.DR13
Component/s: Security
Labels:
- legacy-integration

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

/subsystem=security/security-domain=cert-roles-domain:add

/subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true)

/subsystem=security/elytron-key-manager=ekm:add(legacy-jsse-config=cert-roles-domain)

/subsystem=elytron/server-ssl-context=ssc:add(key-managers=ekm)
Show
/subsystem=security/security-domain=cert-roles-domain:add /subsystem=security/security-domain=cert-roles-domain/jsse=classic:add(truststore={password=secret, url="/path/to/server.truststore.jks"}, keystore={password=secret, url="/path/to/server.keystore.jks"}, client-auth=true) /subsystem=security/elytron-key-manager=ekm:add(legacy-jsse-config=cert-roles-domain) /subsystem=elytron/server-ssl-context=ssc:add(key-managers=ekm)

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

It is not possible to use a key manager exported from legacy security domain (i.e. elytron-key-manager) in Elytron server-ssl-context. It results in:

{
    "outcome" => "failed",
    "failure-description" => {
        "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.ssc" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.ssc: WFLYELY00019: No 'X509ExtendedKeyManager' found in injected value."},
        "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.ssc"]
    },
    "rolled-back" => true
}

The exported key manager is announced as org.wildfly.security.key-managers capability. Hence it is expected to work wherever the capability is requested.

is cloned by

WFCORE-2507 Key manager exported from legacy security domain can not be used by Elytron server-ssl-context

Resolved

is incorporated by

JBEAP-10000 Upgrade PicketBox from 5.0.0.Beta1 to 5.0.1.Final

Closed

is related to

JBEAP-10191 Elytron server-ssl-context does not work with key manager exported from legacy security domain

Closed

Assignee:: Unassigned

Reporter:: Ondrej Kotek

Tester:: Ondrej Kotek

QA Contact:: Ondrej Kotek

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2017/03/08 8:57 AM

Updated:: 2024/09/02 4:43 PM

Resolved:: 2017/03/31 8:28 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates