Bug 1119510

Summary: RFE: Document Auth using EXTERNAL with certificates
Product: [JBoss] JBoss Data Grid 6 Reporter: gsheldon
Component: DocumentationAssignee: gsheldon
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3.0CC: jdg-bugs, mhusnain, vjuranek
Target Milestone: Post GA   
Target Release: 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-15 00:01:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description gsheldon 2014-07-14 23:52:24 UTC 
From BZ#1067739 and BZ#1013853.

"we need the steps that a customer needs to perform on the Server-side and the Client-side to configure user authn using EXTERNAL."

Current topic exists but has been removed for 6.4:



Configure Hot Rod Authentication (X.509) [40931]
Comment 2 Misha H. Ali 2014-07-21 04:11:59 UTC 
Setting this to POST to indicate that we can't work on this yet. Gemma, please check with Vojta about when this is expected to be tested.
Comment 3 gsheldon 2014-08-04 03:42:07 UTC 
Setting NEEDINFO Vojtech.

Vojta will this feature be ready for the next release?

Thanks,

Gemma.
Comment 4 Vojtech Juranek 2014-08-11 11:04:17 UTC 
Hi Gemma,
this feature was actually already in JDG 6.3.0, but as it wasn't tested, it wasn't documented/supported. Should be tested/supported in JDG 6.3.1.
Comment 6 Vojtech Juranek 2014-08-18 10:42:54 UTC 
Hi Gemma,
text IMHO looks good and is sufficient. However, EXTERNAL auth wasn't tested yet, so I would give "verified" after testing it (maybe I'll discover something to be added during testing).
Comment 7 Vojtech Juranek 2014-09-04 07:26:43 UTC 
Hi Gemma, I finally implemented the test, sorry for the delay. 
There's one wrong name of the parameter, in table 8.4 and in 

<keystore path="..." relative-to="..." keystore-password="..." alias="..." key-password="..." />

the parameter for keystore password is not "key-password", but correct name is "keystore-password". Otherwise looks good to me.

I noticed that similar config is also in chapter "Procedure 8.3. Secure Hot Rod Using SSL/TLS". Maybe you can refer there table 8.4 for the meaning of the parameters. When reading it, I also noticed that code sample for Hot Rod connector is not accurate:

<security ssl="true" security-realm="ApplicationRealm" require-ssl-client-auth="false" />

should be 

<encryption ssl="true" security-realm="ApplicationRealm" require-ssl-client-auth="false" />

I.e. name of the element is not "security" but "encryption".
I hasn't found any other issue.
Comment 9 Vojtech Juranek 2014-09-04 07:52:18 UTC 
Hi Misha,
I'm sorry, I somehow missed that keystore-password is already present and thought there's a typo in key-password. The code sniplet in Chapter 8.7.6.4 is correct as it is, please don't remove anything and ignore the first part of my previous comment. Sorry for that
Comment 10 Misha H. Ali 2014-09-04 07:57:12 UTC 
Thanks, Vojta. Setting this for final review then.
Comment 11 Misha H. Ali 2014-09-15 00:01:43 UTC 
This content is now available on https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/