Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7638

It is not possible to set secure-socket-binding without security-realm in HTTP management interface

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Duplicate
    • 11.0.0.Alpha1
    • 11.0.0.Alpha1
    • Security
    • None
    • Hide

      1) prepare Elytron configuration for SSL into standalone-elytron.xml - https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-SetupandConfigureAuthenticationfortheManagementInterfaces
      2) Add ssl-context to management-interface=http-interface:

      /core-service=management/management-interface=http-interface:write-attribute(name=ssl-context,value=httpsSSC)
      

      3) Try to set secure-socket-binding for management-interface=http-interface:

      /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding,value=management-https)
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set",
          "rolled-back" => true
      }
      
      Show
      1) prepare Elytron configuration for SSL into standalone-elytron.xml - https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-SetupandConfigureAuthenticationfortheManagementInterfaces 2) Add ssl-context to management-interface=http-interface: /core-service=management/management- interface =http- interface :write-attribute(name=ssl-context,value=httpsSSC) 3) Try to set secure-socket-binding for management-interface=http-interface: /core-service=management/management- interface =http- interface :write-attribute(name=secure-socket-binding,value=management-https) { "outcome" => "failed" , "failure-description" => "WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set" , "rolled-back" => true }

    Description

      I am not able to add secure-socket-binding attribute for management-interface=http-interface resource which does not include security-realm attribute. This means that "Elytron-only" authentication and SSL configuration for HTTP interface is not possible.

      Trying this issue for management-interface=native-interface is blocked by JBEAP-7424.

      As workaround, if security-realm is also added then authentication with Elytron works correctly (added security-realm is not used because Elytron-related attributes in HTTP management interface have higher priority).

      Attachments

        Issue Links

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: