Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7638

It is not possible to set secure-socket-binding without security-realm in HTTP management interface

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • 11.0.0.Alpha1
    • 11.0.0.Alpha1
    • Security
    • None
    • Hide

      1) prepare Elytron configuration for SSL into standalone-elytron.xml - https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-SetupandConfigureAuthenticationfortheManagementInterfaces
      2) Add ssl-context to management-interface=http-interface:

      /core-service=management/management-interface=http-interface:write-attribute(name=ssl-context,value=httpsSSC)

      3) Try to set secure-socket-binding for management-interface=http-interface:

      /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding,value=management-https)
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set",
    "rolled-back" => true
}
      Show
      1) prepare Elytron configuration for SSL into standalone-elytron.xml - https://docs.jboss.org/author/display/WFLY/WildFly+Elytron+Security#ElytronExamples-SetupandConfigureAuthenticationfortheManagementInterfaces 2) Add ssl-context to management-interface=http-interface: /core-service=management/management- interface =http- interface :write-attribute(name=ssl-context,value=httpsSSC) 3) Try to set secure-socket-binding for management-interface=http-interface: /core-service=management/management- interface =http- interface :write-attribute(name=secure-socket-binding,value=management-https) { "outcome" => "failed" , "failure-description" => "WFLYCTL0380: Attribute 'security-realm' needs to be set or passed before attribute 'secure-socket-binding' can be correctly set" , "rolled-back" => true }

    Description

      I am not able to add secure-socket-binding attribute for management-interface=http-interface resource which does not include security-realm attribute. This means that "Elytron-only" authentication and SSL configuration for HTTP interface is not possible.

      Trying this issue for management-interface=native-interface is blocked by JBEAP-7424.

      As workaround, if security-realm is also added then authentication with Elytron works correctly (added security-realm is not used because Elytron-related attributes in HTTP management interface have higher priority).

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-7426 It is not possible to set secure-socket-binding without security-realm in HTTP management interface

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          duplicates

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2009 Management SSL Configuration always requires Security Realm

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: