Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9779

Not possible to create security domain in Elytron subsystem configuration in web console without outflow-security-domains attribute specified

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.DR16
    • 7.1.0.DR14
    • Web Console
    • None
    • Hide
      1. Start EAP in e.g. standalone mode
      2. using web console navigate Configuration: Subsystems > Subsystem: Security - Elytron > Settings: Other > SSL > Security Domain > Add
      3. In New Security Domain dialog enter name and realm and click Save
      Show
      Start EAP in e.g. standalone mode using web console navigate Configuration: Subsystems > Subsystem: Security - Elytron > Settings: Other > SSL > Security Domain > Add In New Security Domain dialog enter name and realm and click Save

      User see following HTTP API error:

      Unexpected HTTP response: 500
      
      Request
      {
          "name" => "TestDomain",
          "outflow-anonymous" => false,
          "outflow-security-domains" => undefined,
          "permission-mapper" => undefined,
          "post-realm-principal-transformer" => undefined,
          "pre-realm-principal-transformer" => undefined,
          "principal-decoder" => undefined,
          "realm-mapper" => undefined,
          "role-mapper" => undefined,
          "security-event-listener" => undefined,
          "trusted-security-domains" => undefined,
          "realms" => [{
              "realm" => "local",
              "principal-transformer" => undefined,
              "role-decoder" => undefined,
              "role-mapper" => undefined
          }],
          "default-realm" => "local",
          "address" => [
              ("subsystem" => "elytron"),
              ("security-domain" => "TestDomain")
          ],
          "operation" => "add"
      }
      
      Response
      
      Internal Server Error
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0380: Attribute 'outflow-security-domains' needs to be set or passed before attribute 'outflow-anonymous' can be correctly set",
          "rolled-back" => true
      }
      

      The problem is caused by web console setting outflow-anonymous attribute to the default value even without user touching this attribute. But outflow-anonymous attribute if not let undefined requires outflow-security-domains to be set.

              cmiranda@redhat.com Claudio Miranda
              pjelinek@redhat.com Pavel Jelinek
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: