Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2136

Using management CLI with client configuration still prompts for username/password

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 3.0.0.Beta22
    • None
    • CLI, Security
    • None
    • Hide

      configure management interface

      /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir)
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add()
/subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"})
/subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm}],default-realm=exampleFsRealm,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=example-fs-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}])
/subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleManagementRealm}]}])
/core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth)
reload

      create custom-config.xml

      <configuration>
    <authentication-client xmlns="urn:elytron:1.0">
        <authentication-rules>
            <rule use-configuration="configuration1">
                <match-host name="localhost" />
            </rule>
        </authentication-rules>
        <authentication-configurations>
            <configuration name="configuration1">
                <allow-sasl-mechanisms names="DIGEST-MD5" />
                 <use-service-loader-providers />
                 <set-user-name name="user1" />
                 <credentials>
                     <clear-password password="password123" />
                 </credentials>
                 <set-mechanism-realm name="exampleManagementRealm" />
             </configuration>
        </authentication-configurations>
    </authentication-client>
</configuration>

      attempt to connect using custom-config.xml

      ./jboss-cli.sh -c  -Dwildfly.config.url=/path/to/custom-config.xml --controller=localhost:9990

      responds prompting for username

      Authenticating against security realm: exampleManagementRealm
Username:
      Show
      configure management interface /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir) /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add() /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password= "password123" }) /subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm}], default -realm=exampleFsRealm,permission-mapper= default -permission-mapper) /subsystem=elytron/http-authentication-factory=example-fs-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=exampleApplicationDomain}]}]) /subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleManagementRealm}]}]) /core-service=management/management- interface =http- interface :write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth) reload create custom-config.xml <configuration> <authentication-client xmlns= "urn:elytron:1.0" > <authentication-rules> <rule use-configuration= "configuration1" > <match-host name= "localhost" /> </rule> </authentication-rules> <authentication-configurations> <configuration name= "configuration1" > <allow-sasl-mechanisms names= "DIGEST-MD5" /> <use-service-loader-providers /> <set-user-name name= "user1" /> <credentials> <clear-password password= "password123" /> </credentials> <set-mechanism-realm name= "exampleManagementRealm" /> </configuration> </authentication-configurations> </authentication-client> </configuration> attempt to connect using custom-config.xml ./jboss-cli.sh -c -Dwildfly.config.url=/path/to/custom-config.xml --controller=localhost:9990 responds prompting for username Authenticating against security realm: exampleManagementRealm Username:

    Description

      When configuring the wildfly management cli to use an elytron client config file, server still prompts for username password.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9250 Elytron Client with Management CLI still prompts for password

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              zrhoads Zach Rhoads (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: