15 Replies Latest reply on Dec 13, 2018 12:50 AM by anieshmathew

    Connect to Management Interface

    coelhu

      Hello

       

      After enabling RBAC authentication (/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)), when I access the Domain Controller web interface it shows the image below.

      wildflyerror.png

      I have added several management interfaces but none worked, and I can connect to the DC using CLI remotely (connect 192.168.253.54:9999)

       

       

      My wildfly is "wildfly-10.0.0.Final" using Domain Mode

       

      My host.xml interesting part:

      ```
      <management-interfaces>
          <native-interface security-realm="ManagementRealm">
              <socket interface="management" port="${jboss.management.native.port:9999}"/>
          </native-interface>
          <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true" allowed-origins="https://srv-wildflydc-tst-01 https://srv-wildflydc-tst-01:9993 http://127.0.0.1:9990 https://srv-wildflydc-tst-01:9993 192.168.253.54:9999">
              <socket interface="management" secure-port="${jboss.management.http.port:9993}"/>
          </http-interface>
      </management-interfaces>
      ```

       

      If I change from RBAC to simple again I can access the Web Interface normally, so the management interface is OK while RBAC is not active.

      Nothing wrong shows in the logs, so I'm asking for help.

       

      The Documentation about RBAC does not mention this screen.

       

      Does anyone know how to fix this?

       

      Thanks

        • 1. Re: Connect to Management Interface
          ctomc

          As the screen says, you are missing one origin in your configuration.

          Add the one that the console says is missing to your config, restart the server and it should work.

          • 2. Re: Connect to Management Interface
            coelhu

            Yes, I did

            /host=master/core-service=management/management-interface=http-interface:list-add(name=allowed-origins,value=https://srv-wildflydc-tst-01:9993)

             

            I added others since the above didn't work. (wildfly/domain/configuration/host.xml)

            ```
            <management-interfaces>
                <native-interface security-realm="ManagementRealm">
                    <socket interface="management" port="${jboss.management.native.port:9999}"/>
                </native-interface>
                <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true" allowed-origins="https://srv-wildflydc-tst-01 https://srv-wildflydc-tst-01:9993 http://127.0.0.1:9990 https://srv-wildflydc-tst-01:9993 192.168.253.54:9999">
                    <socket interface="management" secure-port="${jboss.management.http.port:9993}"/>
                </http-interface>
            </management-interfaces>
            ```

             

            So the problem persists, I restarted the server with reload --host=master and service wildfly restart.

             

            I have tested multiple connection settings like the image below but none worked (remember, I can connect to the Domain Controller from another host using jboss.cli with "connect 192.168.253.54:9999").

            wildflyerror2.png

             

            I don't understand why enabling RBAC authentication causes this error. Do I need to enable another interface in the domain.xml?

            • 3. Re: Connect to Management Interface
              dlofthouse

              Have you assigned any roles for the user connecting to the server?  I am wondering if the error message is misleading.

              • 4. Re: Connect to Management Interface
                coelhu

                Yes, I added a user in the Administrator role before enabling rbac. I added this user first using the add_user script as "Management User" and then added it with the same username using web interface in "Access Control -> Users -> User -> Add" but I don't know if this is the right way because when you add a new user there is no drop-down list of users already in the system, so I typed the same username added using the script.

                 

                wildflyroles.png

                • 5. Re: Connect to Management Interface
                  bonadonna

                  Hi there, did you find a solution for your issue? I have exactly the same problem!

                   

                  Thanks

                  • 6. Re: Connect to Management Interface
                    urbandroid

                    I don't know if this is what you are looking for, but at simple, create a user @ManagementRealm, then change to rbac and try to access.

                    • 7. Re: Connect to Management Interface
                      talk2gupta

                      Dear Sir,

                       

                      1. Please suggest how to resolve the “Connect to Management Interface” issue in WildFly 10 (standalone) server running on Ubuntu 14.04 Server.
                      2. I am using standalone-full.xml file.

                       

                       

                      Thanks,

                      Sonu Kumar Gupta

                      • 8. Re: Connect to Management Interface
                        mayerw01

                        I'd suggest that you open a new case for this issue.

                        But you should check your server.log also.

                        There you should find an entry like: WFLYSRV0051: Admin console listening on http://<your-ip-address>:9990

                        • 9. Re: Connect to Management Interface
                          talk2gupta

                          Hi Team JBoss Developer,

                           

                          In my server.log file entry is:

                          2016-12-15 13:04:44,965 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://0.0.0.0:9990

                           

                           

                          Regards,

                          Sonu Kumar Gupta

                          • 10. Re: Connect to Management Interface
                            mayerw01

                            Did you also make sure that this port is used by Wildfly, like this?

                            fuser -n tcp 9990

                            ps -ef | grep <process-Id>

                            • 11. Re: Connect to Management Interface
                              garysamuelson

                              I was also having some issue getting RBAC up and running within my WildFly v10.1 server.

                              I narrowed the issue down to the CLI command - it appears there's either some session and/or caching issue.

                               

                              Steps:

                              1) follow instructions, using CLI, and enable RBAC.

                              2) the error then appears as described above

                               

                              I hacked away on this for a few hours - then I stepped back and thought it may be a CLI related issue.

                              So... I applied the manual, direct XML config file editing approach. This worked!

                               

                              see:

                              at end of page: "If the server is off-line the XML configuration can be edited to enabled or disable RBAC."

                              11.8.2. Enabling Role-Based Access Control

                               

                              And, now I'm able to use the "access control" features from the admin console.

                               

                              Here's the URL listed in the browser:

                              http://centosw02:9990/console/App.html#rbac         <<<  note the "#rbac"

                              • 12. Re: Connect to Management Interface
                                gary_samuelson

                                Need to add the following details to the above.

                                 

                                Here is the full configuration section under "access-control"

                                 

                                ```
                                <access-control provider="rbac">
                                    <role-mapping>
                                        <role name="SuperUser">
                                            <include>
                                                <user name="$local"/>
                                                <user alias="admin" name="admin"/>   <!-- this being the important bit. 1) add user via "add-user.sh"   2) update this section with name -->
                                            </include>
                                        </role>
                                    </role-mapping>
                                </access-control>
                                ```

                                1 of 1 people found this helpful
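A pre-flight check for the role mapping the answers above point to, as an added example that is not part of any post in this thread: it reads the `access-control` element and reports which roles a management login is directly included in, so a missing mapping is caught before the provider is switched to `rbac`. The function names, the `urn:jboss:domain:4.0` namespace and the sample users are assumptions for illustration; only direct `<user>` includes are checked, not groups.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape posted above; namespace version and user
# names are assumptions, not values taken from a real server.
SAMPLE = """<management xmlns="urn:jboss:domain:4.0">
  <access-control provider="rbac">
    <role-mapping>
      <role name="SuperUser">
        <include>
          <user name="$local"/>
          <user alias="admin" name="admin"/>
        </include>
      </role>
    </role-mapping>
  </access-control>
</management>"""


def local(tag):
    """Drop the '{namespace}' prefix so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def role_mappings(xml_text):
    """Return (provider, {role name: set of directly included user names})."""
    root = ET.fromstring(xml_text)
    ac = next((e for e in root.iter() if local(e.tag) == "access-control"), None)
    if ac is None:
        return None, {}
    roles = {}
    for role in (e for e in ac.iter() if local(e.tag) == "role"):
        users = set()
        for inc in (c for c in role if local(c.tag) == "include"):
            users |= {u.get("name") for u in inc if local(u.tag) == "user"}
        roles[role.get("name")] = users
    # The provider attribute defaults to "simple" when it is not written out.
    return ac.get("provider", "simple"), roles


def preflight(xml_text, login):
    """Return (provider, roles held by login, problems found for that login)."""
    provider, roles = role_mappings(xml_text)
    held = sorted(r for r, users in roles.items() if login in users)
    problems = [] if held else [f"user {login!r} is not included in any role"]
    return provider, held, problems


if __name__ == "__main__":
    for name in ("admin", "coelhu"):
        print(name, preflight(SAMPLE, name))
```
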
                                • 13. Re: Connect to Management Interface
                                  kostas.g.papadopoulos

                                  Had the same problem with Wildfly 11.

                                   

                                  The solution was to use the console to re-create an admin user with SuperUser role in ManagementRealm realm before I enabled rbac.

                                   

                                  Hope this helps

                                  kostas

                                  • 14. Re: Connect to Management Interface
                                    scanales

                                    This worked for me! Thx

                                     

                                    gary_samuelson  wrote:

                                     

                                    Need to add the following details to the above.

                                     

                                    Here is the full configuration section under "access-control"

                                     

                                    ```
                                    <access-control provider="rbac">
                                        <role-mapping>
                                            <role name="SuperUser">
                                                <include>
                                                    <user name="$local"/>
                                                    <user alias="admin" name="admin"/>   <!-- this being the important bit. 1) add user via "add-user.sh"   2) update this section with name -->
                                                </include>
                                            </role>
                                        </role-mapping>
                                    </access-control>
                                    ```
