Bug 1010819
Summary: | RTGov authentication does not work internally
---|---
Product: | [JBoss] JBoss Fuse Service Works 6
Component: | Installer, Configuration
Reporter: | Jiri Pechanec <jpechane>
Assignee: | Douglas Palmer <dpalmer>
QA Contact: | Len DiMaggio <ldimaggi>
CC: | atangrin, eric.wittmann, jcoleman, ncross, soa-p-jira
Status: | CLOSED CURRENTRELEASE
Severity: | urgent
Priority: | unspecified
Version: | 6.0.0 GA
Target Milestone: | ER4
Target Release: | 6.0.0
Hardware: | Unspecified
OS: | Unspecified
Doc Type: | Bug Fix
Type: | Bug
Last Closed: | 2014-02-06 15:25:43 UTC
Description
Jiri Pechanec
2013-09-23 06:41:48 UTC
Created attachment 802199: standalone.xml patch
The problem is that authentication has been switched over to SAML bearer token authentication (which does not require any credentials to be stored in the gadget server configuration file). However, the gadget server has not been added as a recognized SAML assertion issuer in the overlord service provider login module configuration in standalone.xml. This patch should fix the problem.
This change will require updates to the sramp cli-scripts used in the installer.

In order to unblock testing - please document how QE can correct the script to work around the bug.

You could apply the attached patch to standalone.xml after installation of FSW is complete.

Within jboss-eap-6.1/cli-scripts/overlord-addSecurityDomains.cli, the final line needs to change from

```
/subsystem=security/security-domain=overlord-jaxrs/authentication=classic:add(login-modules=[{code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule",flag=sufficient,module-options={allowedIssuers="/s-ramp-ui,/s-ramp-governance,/dtgov-ui"}},{code=UsersRoles,flag=sufficient,module-options={usersProperties="${jboss.server.config.dir}/overlord-idp-users.properties",rolesProperties="${jboss.server.config.dir}/overlord-idp-roles.properties"}}])
```

to

```
/subsystem=security/security-domain=overlord-jaxrs/authentication=classic:add(login-modules=[{code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule",flag=sufficient,module-options={allowedIssuers="/s-ramp-ui,/s-ramp-governance,/dtgov-ui,/gadget-web"}},{code=UsersRoles,flag=sufficient,module-options={usersProperties="${jboss.server.config.dir}/overlord-idp-users.properties",rolesProperties="${jboss.server.config.dir}/overlord-idp-roles.properties"}}])
```

Not sure I should be assigned to this bug. By the way, I can confirm the patch fixes the issues.

Fixed by 4c5c41b0a6c0f6c198de2731a86d6e493b405f71

Verified in ER4 04-Oct-2013 04:44
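A check QE could run against the installer script to confirm the workaround is in place, as an added example that is not part of the bug report or the Overlord project's code: it parses the `overlord-jaxrs` line and reports which issuers are missing from the SAML login module's `allowedIssuers`. The function names are hypothetical, and the two sample lines are constructed from the commands quoted in the comments above.

```python
import re

SAML_MODULE = "org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule"
# Issuers named in the bug report; /gadget-web is the one the fix adds.
REQUIRED_ISSUERS = {"/s-ramp-ui", "/s-ramp-governance", "/dtgov-ui", "/gadget-web"}

def allowed_issuers(cli_text, domain="overlord-jaxrs"):
    """Return the allowedIssuers set of the SAML bearer token login module
    in the given security domain, or None if no such module is configured."""
    for line in cli_text.splitlines():
        line = line.strip()
        if line.startswith("#") or f"security-domain={domain}/" not in line:
            continue
        # Capture only the SAML module's own module-options block, so options
        # belonging to another login module on the same line are not read.
        entry = re.search(r'code="?' + re.escape(SAML_MODULE)
                          + r'"?,.*?module-options=\{(.*?)\}', line)
        if not entry:
            continue
        opt = re.search(r'allowedIssuers="([^"]*)"', entry.group(1))
        issuers = opt.group(1).split(",") if opt else []
        return {i.strip() for i in issuers if i.strip()}
    return None

def missing_issuers(cli_text, required=REQUIRED_ISSUERS):
    """Issuers that the domain would not accept tokens from. A missing
    module counts as every required issuer being absent."""
    found = allowed_issuers(cli_text)
    return set(required) if found is None else set(required) - found

# Constructed sample input: the final line of overlord-addSecurityDomains.cli
# as quoted in the report, before and after the change.
TEMPLATE = (
    '/subsystem=security/security-domain=overlord-jaxrs/authentication=classic'
    ':add(login-modules=[{code="' + SAML_MODULE + '",flag=sufficient,'
    'module-options={allowedIssuers="%s"}},{code=UsersRoles,flag=sufficient,'
    'module-options={usersProperties="${jboss.server.config.dir}/overlord-idp-users.properties",'
    'rolesProperties="${jboss.server.config.dir}/overlord-idp-roles.properties"}}])'
)
BEFORE = TEMPLATE % "/s-ramp-ui,/s-ramp-governance,/dtgov-ui"
AFTER = TEMPLATE % "/s-ramp-ui,/s-ramp-governance,/dtgov-ui,/gadget-web"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, "missing:", sorted(missing_issuers(text)) or "none")
```

To check a real installation, pass the contents of `jboss-eap-6.1/cli-scripts/overlord-addSecurityDomains.cli` to `missing_issuers` instead of the sample strings.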