Details
-
Feature Request
-
Resolution: Done
-
Major
-
None
-
None
Description
It is not possible to reload the certificates dynamically for Elytron's ldap-key-store.
If some changes have been made in the certificates present in LDAP directory then EAP needs to be restarted first in order to see those changes done in LDAP directory which is not ideal for production environments.
For simple file based keystores, load operation is available :
-------------------------
[standalone@localhost:9990 /] /subsystem=elytron/key-store=twoWayKS:load()
-------------------------
But this option is missing for ldap-key-store :
-------------------------
[standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=LKS1:load()
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0031: No operation named 'load' exists at address [
(\"subsystem\" => \"elytron\"),
(\"ldap-key-store\" => \"LKS1\")
]",
"rolled-back" => true
}
-------------------------
There should be such option available to reload the content of ldap-key-store without restarting the EAP server.
Attachments
Issue Links
- is related to
-
WFCORE-4014 Truststore re-initialization not implemented correctly
-
- Resolved
-
