Bug 840403 (JON3-19, PRODMGT-454)

Summary: the plugin for JBoss EAP 6 / AS 7 needs to support SSL/TLS encryption and authentication
Product: [JBoss] JBoss Operations Network Reporter: Tom Fonteyne <tfonteyn>
Component: Plugin -- JBoss EAP 6, SecurityAssignee: Thomas Segismont <tsegismo>
Status: CLOSED CURRENTRELEASE QA Contact: Filip Brychta <fbrychta>
Severity: high Docs Contact:
Priority: unspecified    
Version: JON 3.1.0CC: alexandre.belisle, bdavis, hrupp, loleary, mfoley, myarboro, rhatlapa, stianlund+bugzilla, tfonteyn, theute, tsegismo
Target Milestone: DR01   
Target Release: JON 3.3.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 840404 1062552 (view as bug list) Environment:
Last Closed: 2014-12-11 14:01:03 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 840404, 1062552    

Comment 2 Charles Crouch 2012-08-14 16:06:46 UTC 
Targeting for consideration in JON320
Comment 3 Larry O'Leary 2013-06-26 12:50:40 UTC 
This BZ represents a request that the AS7 / EAP 6 managed plug-in needs to support SSL (HTTPS) along with client auth to handle cases in where the EAP HTTP management interface has been secured using SSL.
Comment 9 Thomas Segismont 2014-02-04 17:15:47 UTC 
Merged in master

commit a201914f7204e59fb40ce3eba2cbbea7accd728c
Author: Thomas Segismont <tsegismo>
Date:   Wed Jan 22 16:02:06 2014 +0100
Comment 10 Stian Lund 2014-03-21 10:10:01 UTC 
So basically, now AS7/EAP is SSL by default, and requires a lot more configuration on part of user.

I think there's a misunderstanding on the meaning of "needs to support" instead of "requires".
Comment 11 Thomas Segismont 2014-03-21 10:36:58 UTC 
(In reply to Stian Lund from comment #10)
> So basically, now AS7/EAP is SSL by default, and requires a lot more
> configuration on part of user.

Who said that?

> 
> I think there's a misunderstanding on the meaning of "needs to support"
> instead of "requires".

Unless I missed something, AS7Plugin now supports but does not require SSL protected servers.
Comment 12 Stian Lund 2014-03-21 11:52:54 UTC 
> Who said that?

Well, I said it :)

> Unless I missed something, AS7Plugin now supports but does not require SSL protected servers.

Well, the problem is, that when discovering new AS7 servers, it uses the management-https port by default, leading to us having to change the port to standard mangement-http manually and turn off encryption.

I made a question on the RHQ forums about the same, and asked if there was any setting to override this behaviour.

Stian
Comment 13 Thomas Segismont 2014-03-21 13:17:09 UTC 
(In reply to Stian Lund from comment #12)
> Well, the problem is, that when discovering new AS7 servers, it uses the
> management-https port by default, leading to us having to change the port to
> standard mangement-http manually and turn off encryption.
> 

AS7 plugin *chooses* https port if it is configured. It's a preference when both http and https port are accessible.
Comment 14 Stian Lund 2014-03-21 14:09:43 UTC 
> AS7 plugin *chooses* https port if it is configured. It's a preference when both http and https port are accessible.

Hmm... so any way to override this choice and only use http? Because otherwise we will need to change all our AS7 servers to not have management-https configured or do a lot of changes in RHQ.
Comment 15 Simeon Pinder 2014-07-31 15:51:54 UTC 
Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993