Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2718

Management HTTP API using security-realm for CLIENT_CERT authentication results in prompt for password instead of directly authenticating

    XMLWordPrintable

Details

    • Hide

      The password to client keystore is clientKeyPassword

      1. copy attached truststore, keystore and config files to the server config directory
      2. start the server with standalone.xml
      3. go to https://localhost:9993 and use attached key-client.pkcs12 for authentication (you can add it in your browser), which is generated from the attached key-clientKeyAlias6297825450729746067.keystore via this command keytool -importkeystore -srckeystore key-clientKeyAlias6297825450729746067.keystore -srcstorepass clientKeyPassword -deststoretype pkcs12 -destkeystore key-client.pkcs12 -deststorepass clientKeyPassword
      4. management console should be loaded without prompting for user and password
      Show
      The password to client keystore is clientKeyPassword copy attached truststore, keystore and config files to the server config directory start the server with standalone.xml go to https://localhost:9993 and use attached key-client.pkcs12 for authentication (you can add it in your browser), which is generated from the attached key-clientKeyAlias6297825450729746067.keystore via this command keytool -importkeystore -srckeystore key-clientKeyAlias6297825450729746067.keystore -srcstorepass clientKeyPassword -deststoretype pkcs12 -destkeystore key-client.pkcs12 -deststorepass clientKeyPassword management console should be loaded without prompting for user and password

    Description

      Having defined CLIENT_CERT auth on HTTP management API with legacy security-realm causes that after requesting client cert, there is also required password.

      This is regression in comparison to EAP 7.0 and EAP 7.1.0.DR7, as such marking as blocker.

      For details how to reproduce see steps to reproduce

      Attachments

        Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. JBEAP-10237 Management HTTP API using security-realm for CLIENT_CERT authentication results in prompt for password instead of directly authenticating

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: WFCORE

              People

                darran.lofthouse@redhat.com Darran Lofthouse
                darran.lofthouse@redhat.com Darran Lofthouse
                Radim Hatlapatka Radim Hatlapatka (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: