Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2013

Unable to access http management interface secured by legacy ldap realm

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 3.0.0.Alpha13
    • 3.0.0.Alpha12
    • Security
    • None
    • Hide

      1) Start server

      ./standalone.sh

      2) Configure server with CLI

      /core-service=management/ldap-connection=ldapConnection:add(url="ldap://localhost:10389", search-credential="secret", search-dn="uid=admin,ou=system")
/core-service=management/security-realm=ldap-realm:add()
/core-service=management/security-realm=ldap-realm/authentication=ldap:add(connection=ldapConnection, base-dn="ou=People,dc=jboss,dc=org", username-attribute=uid)
/core-service=management/management-interface=http-interface:write-attribute(name=security-realm, value=ldap-realm)
reload

      3) Access http://localhost:9990/management?operation=attribute&name=server-state in browser
      4) Instead of 401 status code and authentication dialog box, 403 is return as response, so user have no chance to provide credentials.

      Show
      1) Start server ./standalone.sh 2) Configure server with CLI /core-service=management/ldap-connection=ldapConnection:add(url= "ldap: //localhost:10389" , search-credential= "secret" , search-dn= "uid=admin,ou=system" ) /core-service=management/security-realm=ldap-realm:add() /core-service=management/security-realm=ldap-realm/authentication=ldap:add(connection=ldapConnection, base-dn= "ou=People,dc=jboss,dc=org" , username-attribute=uid) /core-service=management/management- interface =http- interface :write-attribute(name=security-realm, value=ldap-realm) reload 3) Access http://localhost:9990/management?operation=attribute&name=server-state in browser 4) Instead of 401 status code and authentication dialog box, 403 is return as response, so user have no chance to provide credentials.

      When http management interface is secured with legacy security realm using ldap, user is not prompted to provide credentials as should be in case of BASIC http authentication mechanism. Instead 403 http status is returned directly.

      Users won't be able to migrate their current (6.4, 7.0) configuration to 7.1 without change.

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: