Bug 1013987

Summary: Valve cannot be configured for Management Web Console
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: FIlip Bogyai <fbogyai>
Component: Domain ManagementAssignee: Brian Stansberry <brian.stansberry>
Status: CLOSED WONTFIX QA Contact: Petr Kremensky <pkremens>
Severity: medium Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.2.0CC: brian.stansberry, emuckenh, jcacek, jkudrnac
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-01 17:20:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description FIlip Bogyai 2013-10-01 08:14:59 UTC 
It is not possible to configure valve for management web console. If you want to use Kerberos authentication, you must add NegotiationAuthenticator valve to application's jboss-web.xml. Second option is to set up Global Valve( with NegotiationAuthenticator) in web subsystem, which is used for all deployed applications, but NOT for management web console. 

This request comes from Openshift team.
Comment 1 Brian Stansberry 2013-10-01 17:20:36 UTC 
EAP 6's HTTP management interface does not use JBoss Web and JBoss Web notions are not applicable to its configuration.

Please start a discussion of the underlying authentication requirements (not a proposal as to the solution) on wildfly-dev.org (the public upstream mailing list) or, if a public list is not allowed, on jbossas (the internal technical list for EAP.) It's quite possible that a solution to the fundamental problem OpenShift is facing may already be present or in the works.