Hide Forgot
Description of problem: There are some options which are not applied during configuration of JSSE element. List of configuration options: - Cipher suites used by SSLContext - Protocols used by SSLContext - Alias of client-side keystore - Alias of server-side keystore - Third party validation token Version-Release number of selected component (if applicable): EAP 6.2.0.ER7 How reproducible: Always Steps to Reproduce: 1. Run GUI installer. Go to Post-install configuration using default values. 2. Choose to add a Security-domain. Pres "Next" on first Security-domain Configuration screen to get to JSSE configuration screen. 3. Choose to add JSSE element. 4. Enter some values for: - Cipher suites used by SSLContext - Protocols used by SSLContext - Alias of client-side keystore - Alias of server-side keystore - Third party validation token 5. Choose to add keystore/truststore element to be able to finish the installation. 6. Start the server (you may see some error in logs If you enter some dummy values during configuration, ignore them) 7. Navigate to $JBOSS_HOME/bin directory and run: - ./jboss-cli.sh -c /subsystem=security/security-domain=mySecurityDomain/jsse=classic:read-resource Actual results: listed options are not configured { "outcome" => "success", "result" => { "additional-properties" => undefined, "cipher-suites" => undefined, "client-alias" => undefined, "client-auth" => undefined, "key-manager" => undefined, "keystore" => { "password" => "password", "type" => "JKS", "url" => "/home/pkremens/dummy.keystore" }, "protocols" => undefined, "server-alias" => undefined, "service-auth-token" => undefined, "trust-manager" => undefined, "truststore" => undefined } } Expected results: cipher-suites, protocols, server-alias, client-alias ,and client-auth are configured with values entered in step 4.
I've corrected the variable names for the above properties, and the installer now sets them correctly during the post-install phase. See: http://git.app.eng.bos.redhat.com/jbossas-installer.git/commit/?h=eap-6.2&id=05a511866b6402355df05a466ca12fed3fa8e6a3
There is another bug in this. The command for creating jsse element is using wrong attribute names. Actual: ... ,clientalias="server",serveralias="client" ... Expected: ... ,client-alias="server",server-alias="client" ... How about some validation that CLI batch ended with success for the future?
I've corrected the names of these two variables so the correct command is sent to the CLI. See: http://git.app.eng.bos.redhat.com/jbossas-installer.git/commit/?h=eap-6.2&id=10ae2134f9985e87124ad0d28c1b8de31913e35b and http://git.app.eng.bos.redhat.com/jbossas-installer.git/commit/?h=eap-6.2&id=a9e0e7e6a675de07749da6a3a80b8ecd8b5fa0ab As to the validation: Many of these CLI commands use only the variables/elements that are filled out by the user, so it's entirely possible (although very bad) that we hadn't tested client-alias and server-alias before, and thus never got the FAIL from the cli for using the wrong attribute names. What will do for the future is create some xml installer configurations that we can run in auto-mode to test all of the different post-install fields. This way we'll hopefully catch more of these before ER/CR releases.
Verified on EAP 6.2.0.CR2 isntaller, all configuration options listed above are now used.