Project: JBoss Enterprise Application Platform
Issue: JBEAP-7393

Unable to access http management interface secured by legacy ldap realm

    • Type: Bug
    • Resolution: Done
    • Priority: Blocker
    • Fix Version/s: 7.1.0.DR10
    • Affects Version/s: 7.1.0.DR8
    • Component/s: Security
    • Labels: None
    • Release Note Type: Not Required
      Steps to Reproduce:

      1) Start the server

      ./standalone.sh

      2) Configure the server with the CLI

      /core-service=management/ldap-connection=ldapConnection:add(url="ldap://localhost:10389", search-credential="secret", search-dn="uid=admin,ou=system")
      /core-service=management/security-realm=ldap-realm:add()
      /core-service=management/security-realm=ldap-realm/authentication=ldap:add(connection=ldapConnection, base-dn="ou=People,dc=jboss,dc=org", username-attribute=uid)
      /core-service=management/management-interface=http-interface:write-attribute(name=security-realm, value=ldap-realm)
      reload

      3) Access http://localhost:9990/management?operation=attribute&name=server-state in a browser
      4) Instead of a 401 status code and an authentication dialog box, 403 is returned as the response, so the user has no chance to provide credentials.


      When the HTTP management interface is secured with a legacy security realm using LDAP, the user is not prompted to provide credentials, as should be the case with the BASIC HTTP authentication mechanism. Instead, a 403 HTTP status is returned directly.

      Users won't be able to migrate their current (6.4, 7.0) configuration to 7.1 without changes.
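      The symptom above is easiest to check from the command line rather than a browser, because what drives the browser's credential dialog is a 401 response carrying a WWW-Authenticate header; a 403, or a 401 without that header, gives the client nothing to act on. The script below is an added example written for this issue, not code from the report or the JBEAP project: it classifies a response to an unauthenticated GET, can send a live probe against the URL from step 3, and runs offline over constructed sample responses. The realm names and header values in those samples are assumptions.

```python
"""Check whether an EAP/WildFly HTTP management interface challenges for
credentials (HTTP 401 + WWW-Authenticate) or, as in this report, answers an
unauthenticated request with 403.

Added example for this issue, not code from the JBEAP project. MGMT_URL is
the URL from the reproduction steps; the realm names in the constructed
sample responses are assumptions.
"""
import base64
import sys
import urllib.error
import urllib.request

MGMT_URL = "http://localhost:9990/management?operation=attribute&name=server-state"


def classify(status, headers):
    """Classify the response to a request sent WITHOUT credentials.

    Returns (verdict, scheme). A browser opens its credential dialog only for
    a 401 that carries a WWW-Authenticate header; a bare 401 or a 403 gives
    the user no way to authenticate, which is the symptom in this report.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    challenge = lowered.get("www-authenticate", "").strip()
    if status == 401 and challenge:
        # The scheme is the first token: 'Basic realm="..."' -> "basic".
        return "challenge", challenge.split(None, 1)[0].lower()
    if status == 401:
        return "no-challenge", None
    if status == 403:
        return "forbidden", None
    if 200 <= status < 300:
        # Management data returned with no credentials at all.
        return "open", None
    return "other", None


def probe(url, username=None, password=None, timeout=5):
    """Send one GET to the management interface and return (status, headers).

    With username/password set, a Basic Authorization header is added, which
    is the scheme the report expects the LDAP-backed realm to negotiate.
    """
    request = urllib.request.Request(url)
    if username is not None:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        request.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status, dict(response.headers.items())
    except urllib.error.HTTPError as err:
        # 401 and 403 arrive here; the response headers are still available.
        return err.code, dict(err.headers.items())


def demo():
    """Run classify() over constructed responses (no server needed)."""
    constructed = {
        # What the reporter expected from the LDAP-backed realm (assumed realm name).
        "expected_basic": (401, {"WWW-Authenticate": 'Basic realm="ldap-realm"'}),
        # What a properties-backed ManagementRealm sends (assumed nonce value).
        "properties_digest": (401, {"WWW-Authenticate": 'Digest realm="ManagementRealm", nonce="abc"'}),
        # The behaviour described in this report.
        "reported": (403, {"Content-Length": "0"}),
        # A 401 with no challenge also leaves the browser unable to prompt.
        "bare_401": (401, {}),
    }
    return {label: classify(status, hdrs) for label, (status, hdrs) in constructed.items()}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:18} -> {verdict}")
    if "--live" in sys.argv:
        status, headers = probe(MGMT_URL)
        print(f"{MGMT_URL}\n  HTTP {status} -> {classify(status, headers)}")
```

      Run it without arguments to see the constructed samples classified; add --live to send a real unauthenticated GET to the URL from step 3 (with the bug present the verdict is "forbidden", with the realm behaving as expected it is a "challenge" with scheme "basic"). Probe without credentials first: a 403 is also the normal answer for a user whose credentials are accepted but who holds no management role, so only the unauthenticated case isolates the problem described here.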

            Assignee: Darran Lofthouse
            Reporter: Martin Choma