Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2136

Using management CLI with client configuration still prompts for username/password

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 3.0.0.Beta22
    • None
    • CLI, Security
    • None
    • Hide

      configure management interface

      /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir)
      /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add()
      /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"})
      /subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm}],default-realm=exampleFsRealm,permission-mapper=default-permission-mapper)
      /subsystem=elytron/http-authentication-factory=example-fs-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}])
      /subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleManagementRealm}]}])
      /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth)
      reload
      

      create custom-config.xml

      <configuration>
          <authentication-client xmlns="urn:elytron:1.0">
              <authentication-rules>
                  <rule use-configuration="configuration1">
                      <match-host name="localhost" />
                  </rule>
              </authentication-rules>
              <authentication-configurations>
                  <configuration name="configuration1">
                      <allow-sasl-mechanisms names="DIGEST-MD5" />
                       <use-service-loader-providers />
                       <set-user-name name="user1" />
                       <credentials>
                           <clear-password password="password123" />
                       </credentials>
                       <set-mechanism-realm name="exampleManagementRealm" />
                   </configuration>
              </authentication-configurations>
          </authentication-client>
      </configuration>
      

      attempt to connect using custom-config.xml

      ./jboss-cli.sh -c  -Dwildfly.config.url=/path/to/custom-config.xml --controller=localhost:9990
      

      responds prompting for username

      Authenticating against security realm: exampleManagementRealm
      Username:
      
      Show
      configure management interface /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir) /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add() /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password= "password123" }) /subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm}], default -realm=exampleFsRealm,permission-mapper= default -permission-mapper) /subsystem=elytron/http-authentication-factory=example-fs-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}]) /subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleManagementRealm}]}]) /core-service=management/management- interface =http- interface :write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth) reload create custom-config.xml <configuration> <authentication-client xmlns= "urn:elytron:1.0" > <authentication-rules> <rule use-configuration= "configuration1" > <match-host name= "localhost" /> </rule> </authentication-rules> <authentication-configurations> <configuration name= "configuration1" > <allow-sasl-mechanisms names= "DIGEST-MD5" /> <use-service-loader-providers /> <set-user-name name= "user1" /> <credentials> <clear-password password= "password123" /> </credentials> <set-mechanism-realm name= "exampleManagementRealm" /> </configuration> </authentication-configurations> </authentication-client> </configuration> attempt to connect using custom-config.xml ./jboss-cli.sh -c -Dwildfly.config.url=/path/to/custom-config.xml --controller=localhost:9990 responds prompting for username Authenticating against security realm: exampleManagementRealm Username:

      When configuring the wildfly management cli to use an elytron client config file, server still prompts for username password.

            darran.lofthouse@redhat.com Darran Lofthouse
            zrhoads Zach Rhoads (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: