  1. WildFly Core
  2. WFCORE-3970

Add a management operation to allow an Elytron trust-manager to be re-initialized

    Details

    • Type: Feature Request
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 6.0.0.Beta1
    • Component/s: Security
    • Labels:
      None

      Description

      It is not possible to reload the certificates dynamically for Elytron's ldap-key-store.

      If some changes have been made in the certificates present in the LDAP directory, then EAP needs to be restarted first in order to see those changes done in the LDAP directory, which is not ideal for production environments.

      For simple file-based keystores, a load operation is available:

      -------------------------
      [standalone@localhost:9990 /] /subsystem=elytron/key-store=twoWayKS:load()
      -------------------------

      But this option is missing for ldap-key-store:

      -------------------------
      [standalone@localhost:9990 /] /subsystem=elytron/ldap-key-store=LKS1:load()

      { "outcome" => "failed", "failure-description" => "WFLYCTL0031: No operation named 'load' exists at address [ (\"subsystem\" => \"elytron\"), (\"ldap-key-store\" => \"LKS1\") ]", "rolled-back" => true }

      -------------------------

      There should be such an option available to reload the content of ldap-key-store without restarting the EAP server.

                People

                • Assignee:
                  jucook Justin Cook
                  Reporter:
                  fjuma Farah Juma