0 Replies Latest reply on Jul 19, 2018 4:59 PM by seanmanning

    How can you use Elytron in slave host controller to send credentials to domain controller?

    seanmanning

      I haven't been able to find in the WildFly documentation how to have a slave host controller send its credentials to authenticate its connection to the domain controller using Elytron. In the regular way you can use the secret element with the value returned from the add-user.sh script in the ManagementRealm:

       

      <host xmlns="urn:jboss:domain:5.0">
      .
      .
      .
          <management>
              <security-realms>
                  <security-realm name="ManagementRealm">
                      <server-identities>
                          <secret value="YmxhaA=="/>
                      </server-identities>
                      <authentication>
                          <local default-user="$local" skip-group-loading="true"/>
                          <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
                      </authentication>
                      <authorization map-groups-to-roles="false">
                          <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
                      </authorization>
                  </security-realm>
              </security-realms>
          </management>
      .
      .
      .
      </host>

       

      But if you're going to use Elytron instead of the old security extension, I don't know how to specify that server identity value. I assume it would involve the "authentication-context" part of the domain-controller /host=seans-mac-pro.local:write-remote-domain-controller(authentication-context=<???>) to point to an authentication-context in the Elytron extension configuration section, but I'm not sure where you'd put the Base64-encoded password secret from the add-user.sh script.
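
      Added example, not part of the original post and not WildFly code: the legacy secret value is only the Base64 encoding of the password, so this sketch audits a host.xml for such elements before a migration and reports how much password material each one exposes. The second realm, the `${host.secret}` expression and the function names are hypothetical, and the embedded XML is a constructed sample.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample modelled on the host.xml fragment in the post.
SAMPLE_HOST_XML = """\
<host xmlns="urn:jboss:domain:5.0">
  <management>
    <security-realms>
      <security-realm name="ManagementRealm">
        <server-identities>
          <secret value="YmxhaA=="/>
        </server-identities>
      </security-realm>
      <security-realm name="OtherRealm">
        <server-identities><secret value="${host.secret}"/></server-identities>
      </security-realm>
    </security-realms>
  </management>
</host>
"""

def local(tag):
    """Strip the XML namespace so any urn:jboss:domain:* version matches."""
    return tag.rsplit("}", 1)[-1]

def audit_secrets(host_xml):
    """Return (realm, kind, decoded_length) for every legacy <secret> element."""
    findings = []
    for realm in ET.fromstring(host_xml).iter():
        if local(realm.tag) != "security-realm":
            continue
        for el in realm.iter():
            if local(el.tag) != "secret":
                continue
            value = el.get("value", "")
            if value.startswith("${"):  # assumption: expression resolved at runtime
                findings.append((realm.get("name"), "expression", None))
                continue
            try:
                plain = base64.b64decode(value, validate=True)
                findings.append((realm.get("name"), "base64-plaintext", len(plain)))
            except (binascii.Error, ValueError):
                findings.append((realm.get("name"), "unrecognised", None))
    return findings

if __name__ == "__main__":
    for realm, kind, length in audit_secrets(SAMPLE_HOST_XML):
        print(f"{realm}: {kind}" + (f" ({length}-byte password recoverable)" if length else ""))
```

      The report gives only the decoded length, so the audit output never contains the password itself.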