Bug 1019990 - Password entered into installer is written to overlord-idp-users in plain text
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Installer
Version: 6.0.0 GA
Hardware: Unspecified, OS: Unspecified
Priority: unspecified
Severity: urgent
Target Milestone: ER7
Target Release: 6.0.0
Assigned To: Thomas Hauser
QA Contact: Jiri Pechanec
Reported: 2013-10-16 14:06 EDT by Len DiMaggio
Modified: 2014-02-06 10:26 EST
Doc Type: Bug Fix
Last Closed: 2014-02-06 10:26:45 EST
Type: Bug
Description Len DiMaggio 2013-10-16 14:06:49 EDT
Description of problem:

standalone/configuration/overlord-idp-users.properties:admin=password1#
Comment 1 Gary Brown 2013-10-17 04:00:32 EDT
I believe this will be resolved post-beta with the use of the vault.
Comment 2 Eric Wittmann 2013-10-29 09:18:20 EDT
This has been addressed by removing the overlord-idp-*.properties files.  The Overlord SSO IDP now uses the EAP application realm as its source for credentials rather than its own properties files.

The installer should change to reflect this reality.  I *think* the installer should be asking for two passwords:

1) the Management user
2) an Application user

The former is used to log into the EAP management console.

The latter is used to log into the FSW6 UI applications, including:

* BPEL console
* S-RAMP UI
* DTGov UI
* Gadget Web (rtgov UI)

The installer should change so that it prompts for the application user and then creates that user via "add-user.sh" or equivalent.

Handing this BZ over to thauser to complete the installer part.
Comment 4 Thomas Hauser 2013-11-14 09:48:30 EST
These changes have been made for ER7.
Comment 5 Jiri Pechanec 2013-12-13 00:51:48 EST
File removed in ER7
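
A check a reviewer could run over a users properties file to confirm that no cleartext values like the one quoted in the description remain. This is an added example, not part of the bug report or the product's code. It assumes the EAP realm user files store each value as HEX(MD5(username:realm:password)) and that the realm is named ApplicationRealm; the function names and the sample user are hypothetical.

```python
import hashlib
import re

# Shape of a stored realm credential under the assumption above: 32 hex digits.
HEX_DIGEST = re.compile(r"[0-9a-fA-F]{32}")

def realm_hash(user, realm, password):
    """HEX(MD5(user:realm:password)): the stored form assumed here for realm users."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()

def audit_properties(text):
    """Return (line_number, user) for each entry whose value is not a 32-hex digest.

    The value itself is never returned, so findings can be logged safely.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Only a leading '#' or '!' starts a comment in a .properties file;
        # a '#' inside a value (as in the reported line) is part of the value.
        if not line or line[0] in "#!" or "=" not in line:
            continue
        user, value = line.split("=", 1)
        if not HEX_DIGEST.fullmatch(value.strip()):
            findings.append((lineno, user.strip()))
    return findings

# Constructed samples: the first reuses the line quoted in the report, the
# second is a made-up user hashed for the assumed realm name "ApplicationRealm".
SAMPLE_BEFORE = "# constructed sample\nadmin=password1#\n"
SAMPLE_AFTER = "# constructed sample\nfswuser=" + realm_hash(
    "fswuser", "ApplicationRealm", "constructed-Passw0rd!") + "\n"

if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for lineno, user in audit_properties(text):
            print(f"{name}: line {lineno}: user {user!r} has a non-hashed value")
```

The check tests only the shape of each value: a cleartext password that happens to be 32 hex characters would pass, so a clean result does not prove the file holds hashes.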