-
1. Re: WildFly 13: Is realm-name correct in standalone*.xml http-authentication-factory mechanism?
wildfly1 Jul 3, 2018 6:47 PM (in response to mevans7)Hello Mark ,
What are you trying to configure ? what is the end goal you want to achieve ?
Thanks,
Lily
-
2. Re: WildFly 13: Is realm-name correct in standalone*.xml http-authentication-factory mechanism?
mevans7 Jul 5, 2018 4:48 PM (in response to wildfly1)What am I trying to configure? Elytron for my WildFly 13 deployment.
What is the end goal I want to achieve? For this question, I'm wondering of there is a typographical error in the default WildFly 13 deployment that should be fixed.
-
3. Re: WildFly 13: Is realm-name correct in standalone*.xml http-authentication-factory mechanism?
dlofthouse Jul 6, 2018 5:46 AM (in response to mevans7)No this configuration is correct, the mechanism-realm / realm-name option is retrieved by the authentication mechanism and used as required by the mechanism, in the case of BASIC the text is only used to create the prompt to the remote user it is not used for any actual cryptographic operation so we are able to represent it in a more user friendly form with a space as really it is two works.
If this mechanism however was DIGEST then representation without the space would be important as this value would be used when hashing the username and password.
-
4. Re: WildFly 13: Is realm-name correct in standalone*.xml http-authentication-factory mechanism?
mevans7 Jul 6, 2018 12:06 PM (in response to dlofthouse)Reading the following (from From: WildFly Elytron Security):
Additional configuration can be supplied for the authentication mechanisms, the configuration will be described in more detail later but the purpose of the MechanismConfigurationSelector is to obtain configuration specific to the mechanism selected. This can include information about realm names a mechanism should present to a remote client plus additional NameRewriters and RealmMappers to use during the authentication process.
I don't know what "information about realm names a mechanism should present to a remote client" means. Does "Application Realm" actually get displayed for the user?
Also, I assumed since there was a tag "realm-name" that contained "Application Realm" that this referenced a security realm (<management><security-realms><security-realm name="Application Realm"). But there is no defined realm "Application Realm", only "ApplicationRealm". If these are different things, it is very confusing to have them differ by only one space.
-
5. Re: WildFly 13: Is realm-name correct in standalone*.xml http-authentication-factory mechanism?
dlofthouse Jul 6, 2018 1:07 PM (in response to mevans7)In the case of BASIC authentication the String "Application Realm" is sent to the client's web browser in the challenge, the browser can then choose if it displays this to the user when prompting for a username and password. Other than that is serves no other purpose and has not relationship with anything else on the server - can can update this String if you like to something more useful for your users.
-
6. Re: WildFly 13: Is realm-name correct in standalone*.xml http-authentication-factory mechanism?
mevans7 Jul 6, 2018 1:14 PM (in response to dlofthouse)So, the realm specified above is used as the WWW-Authenticate realm for the HTTP BASIC authentication as described here Basic access authentication - Wikipedia rather than any kind of realm from the wildfly configuration? Got it. (I was confused by the similarity to the "ApplicationRealm" in WildFly and the same "realm-name" tag name.