Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 3.0.0.Beta27
Affects Version/s: None
Component/s: Security
Labels:
None

Steps to Reproduce:
Hide

Copy cs001.jceks keystore from attachment to JBOSS_HOME/standalone/data location or update path on attached standalone.xml

Run EAP server with standalone.xml configuration file which is attached.

There are defined three users one uses password and others use credential store (clear-text password and store + alias)

go to http://localhost:9990/console/App.html and use pepa/pepa123 credentials - it works (uses password attribute)

go to http://localhost:9990/console/App.html and use hynek/hynek123 credentials - it doesn't work (uses credential-reference and store + alias)

go to http://localhost:9990/console/App.html and use ondra/ondra123 credentials - it doesn't work (uses credential-reference and clear-text password)

You can create your own credential store like that

/subsystem=elytron/credential-store=cs002:add(create=true, location=cs002.jceks, relative-to="jboss.server.data.dir", credential-reference={clear-text=pass123})

You can add there new alias to credential store like that

/subsystem=elytron/credential-store=cs002:add-alias(alias=newuseralias, secret-value=newuser123)

and then add there new authentication user for management like that

/core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs002, alias=newuseralias})

Then you can try log in to management console http://localhost:9990/console/App.html
newuser/newuser123
Show
Copy cs001.jceks keystore from attachment to JBOSS_HOME/standalone/data location or update path on attached standalone.xml Run EAP server with standalone.xml configuration file which is attached. There are defined three users one uses password and others use credential store (clear-text password and store + alias) go to http://localhost:9990/console/App.html and use pepa/pepa123 credentials - it works (uses password attribute) go to http://localhost:9990/console/App.html and use hynek/hynek123 credentials - it doesn't work (uses credential-reference and store + alias) go to http://localhost:9990/console/App.html and use ondra/ondra123 credentials - it doesn't work (uses credential-reference and clear-text password) You can create your own credential store like that /subsystem=elytron/credential-store=cs002:add(create= true , location=cs002.jceks, relative-to= "jboss.server.data.dir" , credential-reference={clear-text=pass123}) You can add there new alias to credential store like that /subsystem=elytron/credential-store=cs002:add-alias(alias=newuseralias, secret-value=newuser123) and then add there new authentication user for management like that /core-service=management/security-realm=ManagementRealm/authentication=users/user=newuser:add(credential-reference={store=cs002, alias=newuseralias}) Then you can try log in to management console http://localhost:9990/console/App.html newuser/newuser123

Management/security-realm/authentication/users integration with credential reference is not correct.

When user set authentication/users instead of authentication/properties and add there user who has defined credential-reference then he is not able to log in to management console.

It must work, please check Steps to Reproduce section.

clones

JBEAP-11568 Management/security-realm/authentication/users integration with credential reference is not correct.

Closed

Assignee:: Emmanuel Hugonnet

Reporter:: Hynek Švábek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/06/15 1:49 AM

Updated:: 2017/06/16 7:06 AM

Resolved:: 2017/06/16 7:06 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates