WildFly Core / WFCORE-2569

Elytron properties-realm is not able to read users dynamically


    • Bug
    • Resolution: Duplicate
    • Critical
    • Security

      1) Change http-interface to use Elytron:

      <http-interface http-authentication-factory="management-http-authentication">
          <http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
          <socket-binding http="management-http"/>
      </http-interface>
      

      2) Start application server and add user through add-user.sh:

      ./bin/add-user.sh -u user -p pass@123 -r ManagementRealm
      

      3) Try to access Management Console with added user - it will fail

      4) Reload server and try to access Management Console with added user again - it will pass


      Elytron properties-realm reads users only during server start. As a consequence, when Elytron properties-realm is used for securing the management interface and a user is added through the add-user.sh script, authentication with that user is not possible until the server is reloaded/restarted. In legacy security, users can be added and used without needing to reload the server.
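
A minimal model of the behaviour described above, as an added example that is not WildFly or Elytron code: one realm reads the properties file once at start, the other re-reads it when the file's mtime or size changes. The class names, the `add_user` helper (a stand-in for what add-user.sh writes) and the admin password are constructed for illustration, and the reload-on-change check is an assumed approach, not the project's fix.

```python
import hashlib
import os
import tempfile

def digest(user, password, realm="ManagementRealm"):
    # mgmt-users.properties entry format: username=HEX(MD5(username:realm:password))
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def parse(path):
    with open(path, encoding="utf-8") as fh:
        rows = (line.strip() for line in fh)
        return dict(r.split("=", 1) for r in rows if r and not r.startswith("#") and "=" in r)

def add_user(path, user, password):
    # Constructed stand-in for add-user.sh: appends one entry to the file.
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(f"{user}={digest(user, password)}\n")

class LoadOnceRealm:
    """Models the reported behaviour: users are read only at start."""
    def __init__(self, path):
        self.path, self.users = path, parse(path)

    def authenticate(self, user, password):
        return self.users.get(user) == digest(user, password)

class ReloadingRealm(LoadOnceRealm):
    """Re-reads the file when its mtime or size differs from the last load."""
    def __init__(self, path):
        super().__init__(path)
        self.stamp = self._stamp()

    def _stamp(self):
        st = os.stat(self.path)
        return (st.st_mtime_ns, st.st_size)

    def authenticate(self, user, password):
        if self._stamp() != self.stamp:
            self.users, self.stamp = parse(self.path), self._stamp()
        return super().authenticate(user, password)

def demo(user="user", password="pass@123"):
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mgmt-users.properties")
        add_user(path, "admin", "constructed-pw")
        once, live = LoadOnceRealm(path), ReloadingRealm(path)  # "server start"
        add_user(path, user, password)                          # step 2 of the report
        realms = (once, live, LoadOnceRealm(path))  # third models the state after reload
        return tuple(r.authenticate(user, password) for r in realms)
```

`demo()` returns `(False, True, True)`: the load-once realm rejects the new user until it is rebuilt, matching steps 3 and 4 of the report.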

            darran.lofthouse@redhat.com Darran Lofthouse
            olukas Ondrej Lukas (Inactive)