-
Bug
-
Resolution: Done
-
Major
-
None
-
None
When you configure an Elytron security domain to automatically outflow identities from it to a different domain, the source domain stops working.
How to reproduce:
1. configure management interface to be secured by Elytron ManagementDomain:
/core-service=management/access=identity:add(security-domain=ManagementDomain) /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade,value={enabled=true, sasl-authentication-factory=management-sasl-authentication}) /core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=management-http-authentication) /core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
2. configure ManagementDomain to outflow its identity somewhere, eg. ApplicationDomain:
/subsystem=elytron/security-domain=ManagementDomain:write-attribute(name=outflow-security-domains,value=[ApplicationDomain])
3. Reload the server
4. Try to invoke any operation using CLI, it will fail:
[standalone@localhost:9990 /] :whoami Failed to perform read-operation-description: java.util.concurrent.ExecutionException: Operation failed: Operation failed: java.lang.NullPointerException:null
- is cloned by
-
JBEAP-9034 Configuring automatic identity outflow causes the source domain to stop working
- Closed