1 Reply Latest reply on Aug 6, 2018 10:16 PM by Francis Free

    Wildfly 13 Elytron

    Francis Free Newbie

      Need help to migrate CertificateRoles to the new Elytron configuration

      Any help will be appreciated

       

      Below is my configuration in wildfly 10.1

      <security-realm name="SSLRealm">

                      <server-identities>

                          <ssl>

                              <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>

                          </ssl>

                      </server-identities>

                      <authentication>

                          <truststore path="CA.truststore" relative-to="jboss.server.config.dir" keystore-password="CA123456"/>

                      </authentication>

                  </security-realm>

       

      <https-listener name="https" socket-binding="https" security-realm="SSLRealm" verify-client="REQUESTED" enable-http2="true"/>

       

      <security-domain name="client-cert-domain">

                          <authentication>

                              <login-module code="CertificateRoles" flag="required">

                                  <module-option name="securityDomain" value="client-cert-domain"/>

                                  <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/client-certs-users.properties"/>

                                  <module-option name="defaultRolesProperties" value="file:${jboss.server.config.dir}/client-certs-users.properties"/>

                              </login-module>

                          </authentication>

                          <jsse truststore-password="123456" truststore-url="${jboss.server.config.dir}/client.truststore" client-auth="true"/>

                      </security-domain>