Bug 1463614
| Summary: | Install RHQ user operation not working when elytron is used for user authentication | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Operations Network | Reporter: | Filip Brychta <fbrychta> |
| Component: | Plugin -- JBoss EAP 7 | Assignee: | Michael Burman <miburman> |
| Status: | CLOSED WONTFIX | QA Contact: | Mike Foley <mfoley> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | JON 3.3.8 | CC: | loleary, miburman, rhatlapa |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | One-off release | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-02 15:25:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This operation is not supported. It was provided for development testing only and the failure identified here is not limited to just Elytron. It will occur with any security/authentication configuration that does not use the file based property role/user/password mapping. Closing as WONTFIX. |
Description of problem: The Install RHQ user operation fails with: "Management users properties file [] is not writable" when elytron is used for user authentication. Version-Release number of selected component (if applicable): JON3.3.8 + EAP plugin pack update05.CR01 EAP 7.1.ER01 How reproducible: Always Steps to Reproduce: 1. unzip and start EAP 7.1.ER01 2. enable elytron components: a) Set http-authentication-factory to use management-http-authentication /core-service=management/management-interface=http-interface:write-attribute( \ name=http-authentication-factory, \ value=management-http-authentication \ ) b) Set sasl-authentication-factory to use management-sasl-authentication /core-service=management/management-interface=http-interface:write-attribute( \ name=http-upgrade.sasl-authentication-factory, \ value=management-sasl-authentication \ ) c)Undefine security-realm /core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm) d)Reload JBoss EAP for the changes to take affect. reload 3. import EAP to JON inventory 4. run Install RHQ user operation Actual results: Operation fails with "Management users properties file [] is not writable" and EAP resource is down. Expected results: Additional info: Documentation: https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.beta/html-single/how_to_configure_server_security/#mgmt_user_authentication_with_eltyron When the rhqadmin user is added to mgmt-users.properties manually the EAP resource is UP and everything seems to be working.