Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2689

Elytron, unable to use elytron ssl-context in server to host controller communication

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Blocker Blocker
    • None
    • None
    • Security

      In legacy there is possible to configure ssl context for the connection from the application server back to it's host controller in domain mode. This legacy configuration was added based on JBEAP-2514.

      I don't see Elytron alternative, such it would be possible to configure Elytron client ssl context.

      I have verified it is still possible to successfully configure domain mode in FIPS mode mixing 2 approaches:

      • Elytron for controller to controller communication
      • Legacy for server to controller communication.
      wildfly-config_5_0.xsd
          <xs:complexType name="serverType">
        <xs:all>
            <xs:element name="paths" type="specified-pathsType" minOccurs="0" maxOccurs="1" />

            <xs:element name="interfaces" type="specified-interfacesType" minOccurs="0"/>
            <xs:element name="socket-bindings" type="server-socket-bindingsType" minOccurs="0"/>

            <!--<xs:element name="loggers" type="loggersType" minOccurs="0"/>-->
            <xs:element name="system-properties" type="properties-with-boottime" minOccurs="0"/>
            <xs:element name="jvm" minOccurs="0" type="serverJvmType"/>

            <xs:element name="ssl" minOccurs="0" type="server-sslType">
                <xs:annotation>
                    <xs:documentation>
                        Configuration of the SSLContext used for the connection from the application server back to it's host controller.
                    </xs:documentation>
                </xs:annotation>
            </xs:element>
        </xs:all>
        <xs:attribute name="name" type="xs:string" use="required"/>
        <xs:attribute name="group" type="xs:string" use="required"/>
        <xs:attribute name="auto-start" type="xs:boolean" default="true"/>
        <xs:attribute name="update-auto-start-with-server-status" type="xs:boolean" default="false">
            <xs:annotation>
                <xs:documentation>
                    Iif the server last status (STARTED or STOPPED) is to be used to define the value of auto-start.
                </xs:documentation>
            </xs:annotation>
        </xs:attribute>
    </xs:complexType>

      I found issue now as:

      • RFE was switched into Verificaiton TODO in DR16
      • There existed and still exists couple of related issues (JBEAP-8147, JBEAP-10060, JBEAP-9630) which hint this area is not working properly, so focus was on another areas.

            darran.lofthouse@redhat.com Darran Lofthouse
            mchoma@redhat.com Martin Choma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: