Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.DR17
Affects Version/s: 7.1.0.DR15
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

Follow steps for securing management interface with kerberos https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.alpha/html-single/how_to_set_up_sso_with_kerberos/#secure_mgmt_interface_krb_elytron

Replace creation of http-authentication-factory with this command specifying protocol HTTP

/subsystem=elytron/http-authentication-factory=example-krb-http-auth:add( \ http-server-mechanism-factory=global, \ security-domain=exampleFsSD, \ mechanism-configurations=[ \ { \ mechanism-name=SPNEGO,\ mechanism-realm-configurations= \ [ \ { \ realm-name=exampleFsSD \ } \ ], \ protocol=HTTP,\ credential-security-factory=krbSF \ } \ ] \ )
Show
Follow steps for securing management interface with kerberos https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.alpha/html-single/how_to_set_up_sso_with_kerberos/#secure_mgmt_interface_krb_elytron Replace creation of http-authentication-factory with this command specifying protocol HTTP /subsystem=elytron/http-authentication-factory=example-krb-http-auth:add( \ http-server-mechanism-factory=global, \ security-domain=exampleFsSD, \ mechanism-configurations=[ \ { \ mechanism-name=SPNEGO,\ mechanism-realm-configurations= \ [ \ { \ realm-name=exampleFsSD \ } \ ], \ protocol=HTTP,\ credential-security-factory=krbSF \ } \ ] \ )

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When I use "HTTP" in protocol attribute instead of "http", I get 403 instead of succesfull access.

According to http://www.rfc-base.org/txt/rfc-1738.txt

Scheme names consist of a sequence of characters. The lower case
letters "a"--"z", digits, and the characters plus ("+"), period
("."), and hyphen ("-") are allowed. For resiliency, programs
interpreting URLs should treat upper case letters as equivalent to
lower case in scheme names (e.g., allow "HTTP" as well as "http").

is cloned by

WFCORE-2653 Elytron, *-authentication-factory protocol attribute should be case insensitive

Resolved

is incorporated by

JBEAP-10119 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta16

Closed

Assignee:: Jan Kalina (Inactive)

Reporter:: Martin Choma

Tester:: Martin Choma

QA Contact:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017/03/29 3:55 AM

Updated:: 2024/09/02 4:38 PM

Resolved:: 2017/04/12 5:40 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates