4 Replies Latest reply on Dec 7, 2016 2:42 AM by codergeek

Adding a security domain with server identity in host.xml via CLI

codergeek Dec 5, 2016 9:11 AM

Hello,

I'm trying to add a security realm with a server identity to the host.xml file. The result should be as follows:

<host name="SlaveNode" xmlns="urn:jboss:domain:2.2">

    <management>
        <security-realms>
            <security-realm name="ManagementRealm">
                <authentication>
                    <local default-user="$local" skip-group-loading="true"/>
                    <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization map-groups-to-roles="false">
                    <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
                    <properties path="application-users.properties" relative-to="jboss.domain.config.dir"/>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
                </authorization>
            </security-realm>
            <security-realm name="SlaveNodeRealm">
                <server-identities>
                    <secret value="MySecretValue"/>
                </server-identities>
            </security-realm>
        </security-realms>

I tried

/host=SlaveNode/core-service=management/security-realm

but there does not seem to be any add method. Could somebody show me how to do this the right way?

1. Re: Adding a security domain with server identity in host.xml via CLI

dlofthouse Dec 5, 2016 9:28 AM (in response to codergeek)

After security-realm you need =name-of-new-security-realm the add operation should be available there.
1 of 1 people found this helpful
Actions
2. Re: Adding a security domain with server identity in host.xml via CLI

codergeek Dec 6, 2016 9:12 AM (in response to dlofthouse)
Thank you for your answer! I got the realm now. The other question is how do I get the server identity in there. I tried it similar to the security realm, but it seems that the add method does not exist in this case:

/host=SlaveNode/core-service=management/security-realm=SlaveNodeRealm/server-identity=MySecretValue

In fact it looks like there is no method at all defined at this point (I do not get any option after the colon). When I execute it without a command, like above, I get:

The operation name is missing or the format of the operation request is wrong.
Actions
3. Re: Adding a security domain with server identity in host.xml via CLI

mchoma Dec 6, 2016 11:12 AM (in response to codergeek)
I would suggest you to use <TAB> for autocomplete in CLI
In your case it would provide you these options:

[standalone@embedded /] /core-service=management/security-realm=ManagementRealm/server-identity=<TAB> kerberos secret ssl
Actions
4. Re: Adding a security domain with server identity in host.xml via CLI

codergeek Dec 7, 2016 2:42 AM (in response to mchoma)

I have used autocomplete, but the problem is that I do not get any option when I use autocomplete after "server-identity=". I'm using WildFly version 8.2.1 in domain mode.
Actions

Go to original post