The WildFly 11 release includes a new security framework, WildFly Elytron. A number of blog posts are being written by a number of engineers, so this article tries to collect references to them in one location.   Although this initially contains links to blog posts written by the core engineering teams, feel free to add links to any blog posts…
in WildFly
Since WildFly 18 will be released in a few weeks, just wanted to highlight the new security features that will be included in this release.   Certificate Authority Configuration  Since WildFly 14, it's possible to obtain and manage certificates from Let’s Encrypt using the WildFly CLI. WildFly 18 now adds the ability to make use of any…
in Farah Juma's blog posts
One of the new security features that we have been working on is adding support for automatic updates of credential stores. Although this feature didn’t make it into WildFly 18, the plan is to have it included in WildFly 19. This blog post will give an introduction to this new feature.   Credential References  A credential store allows for secure…
in Farah Juma's blog posts
Hi, maybe you can assist with this or guide me to an alternative solution.   I ran this command: sudo certbot certonly --manual --preferred-challenges http -d my-domain.co.il -d www.my-domain.co.il --manual-auth-hook /opt/SSLCertificates/authenticator.sh --non-interactive --manual-public-ip-logging-ok     where opt/SSLCertificates/authenticator.sh…
in WildFly
We've upgraded from 10 to 17, so we can use multiple domains and certificates, but now we're receiving a handshake error connecting to our SMTP server. We believe it's because our client trust store is not specified in standalone.xml, but the security configuration is so different, and there's no documentation for setting this up.
in WildFly
Is wildfly-config.xml mandatory for WildFly Naming Client? I have removed it and used the Programmatic Approach because of this: wildfly-config.xml contains user creds which will be available as principal in EJB. We have multiple users using the same client. Also using a custom security realm. So user creds will change each time.   But the…
in WildFly
First, I am using Thorntail 2.4.0.Final (WildFly Core 7.0.0.Final) with Elytron 1.7.0.Final on Java 1.8.0_212 so please let me know if I should be or would more likely get help posting in another forum.   6/17/2019 Update: I received a recommendation to limit this post to the minimum Elytron configuration related to the two-way SSL/TLS so the…
in WildFly
For certificate-based authentication, the client presents its X.509 certificate chain to the server. The server then verifies this certificate chain using its truststore. The truststore only needs to contain certificates for root certificate authorities or intermediate certificate authorities; it doesn’t need to contain the individual client…
in Farah Juma's blog posts
Since the feature development phase for WildFly 18 has now started, we wanted to highlight the security features that we are planning to work on for this release.   Planned Features  The features in this first set are ones that were actively developed during the WildFly 17 feature development phase. Many of these are now close to being merged:  …
in Farah Juma's blog posts
A new security feature that we have been working on is enhancing the way an X.509 certificate chain gets mapped to an underlying identity. This feature will be included in WildFly 18. This blog post gives an overview of this new feature.   X.509 certificate chain evidence  For certificate-based authentication, the client presents its X.509…
in Farah Juma's blog posts