Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2510

Configuring automatic identity outflow causes the source domain to stop working

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 3.0.0.Beta8
    • None
    • Security
    • None

      When you configure an Elytron security domain to automatically outflow identities from it to a different domain, the source domain stops working.

      How to reproduce:
      1. configure management interface to be secured by Elytron ManagementDomain:

      /core-service=management/access=identity:add(security-domain=ManagementDomain)
      /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication})
      /core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication)
      /core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
      

      2. configure ManagementDomain to outflow its identity somewhere, eg. ApplicationDomain:

      /subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=outflow-security-domains,value=[ApplicationDomain])
      

      3. Reload the server
      4. Try to invoke any operation using CLI, it will fail:

      [standalone@localhost:9990 /] :whoami
      Failed to perform read-operation-description: java.util.concurrent.ExecutionException: Operation failed: Operation failed: java.lang.NullPointerException:null
      

              rhn-cservice-bbaranow Bartosz Baranowski
              rhn-cservice-bbaranow Bartosz Baranowski
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: