  1. WildFly
  2. WFLY-6839

It is impossible to configure KeyStore ValidatingAlias in the picketlink-federation subsystem the same way as in picketlink.xml


    • Bug
    • Resolution: Won't Do
    • Major
    • Security

      #Add extension and subsystem
      /extension=org.wildfly.extension.picketlink:add()
      /subsystem=picketlink-federation:add
      /subsystem=picketlink-federation/federation=example-federation:add

      cd /subsystem=picketlink-federation/federation=example-federation

      #Add keystore
      ./key-store=key-store:add(file=newFile, password=PASS, sign-key-alias=signKEY, sign-key-password=signPASS)

      #Add validating alias
      ./key-store=key-store/key=KEY1:add(host=localhost)
      #I cannot do this
      ./key-store=key-store/key=KEY1:add(host=127.0.0.1)


      In the picketlink.xml configuration file I can define multiple ValidatingAlias for the same certificate alias.

      <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
      ...
      ...
          <ValidatingAlias Key="localhost" Value="servercert" />
          <ValidatingAlias Key="127.0.0.1" Value="servercert" />
      </KeyProvider>
      

      But in the subsystem configuration I cannot do this.

      Workaround
      You can clone your certificate in the keystore under a different alias and then add a new validating alias with this value.

              psilva@redhat.com Pedro Igor Craveiro
              hsvabek_jira Hynek Švábek (Inactive)
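
The workaround described in the issue, sketched with keytool as an added example (not part of the original report or of WildFly/PicketLink). The function names, the aliases KEY1/KEY2 and the KS_PASS environment variable are assumptions; only the public certificate is copied, so the private key stays under its original alias.

```shell
#!/bin/sh
# Added example: give a second host its own keystore alias by cloning the
# certificate, since the subsystem accepts only one host per key=<alias>.
# Assumes the keystore password is exported as KS_PASS (kept off the argv).

# Print the SHA-256 fingerprint keytool reports for an alias.
cert_fingerprint() {  # usage: cert_fingerprint <keystore> <alias>
    keytool -list -v -keystore "$1" -storepass:env KS_PASS -alias "$2" \
        2>/dev/null </dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

clone_cert_alias() {  # usage: clone_cert_alias <keystore> <src-alias> <new-alias>
    ks=$1 src=$2 new=$3
    tmp=$(mktemp) || return 1
    # Export only the certificate; no private key material leaves the entry.
    keytool -exportcert -rfc -keystore "$ks" -storepass:env KS_PASS \
        -alias "$src" -file "$tmp" >/dev/null 2>&1 </dev/null ||
        { rm -f "$tmp"; return 1; }
    # Import it as a trusted-certificate entry under the new alias.
    # keytool refuses to overwrite an alias that already exists.
    keytool -importcert -noprompt -keystore "$ks" -storepass:env KS_PASS \
        -alias "$new" -file "$tmp" >/dev/null 2>&1 </dev/null
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return "$rc"
    # Both aliases must now resolve to the same certificate.
    fp_src=$(cert_fingerprint "$ks" "$src")
    [ -n "$fp_src" ] && [ "$fp_src" = "$(cert_fingerprint "$ks" "$new")" ]
}

# After cloning KEY1 to KEY2, each host gets its own key resource in jboss-cli
# (paths as in the issue, relative to the federation node):
#   ./key-store=key-store/key=KEY1:add(host=localhost)
#   ./key-store=key-store/key=KEY2:add(host=127.0.0.1)
```

Because every cloned alias is a separate copy, a certificate renewal has to be repeated for each of them.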