1038738 – Incorrect format of Vault keys in standalone.xml for overlord-jaxrs login module

Bug 1038738 - Incorrect format of Vault keys in standalone.xml for overlord-jaxrs login module

Summary: Incorrect format of Vault keys in standalone.xml for overlord-jaxrs login module

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Fuse Service Works 6
Classification:	JBoss
Component:	Installer
Sub Component:
Version:	6.0.0 GA
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ER7
Target Release:	---
Assignee:	Thomas Hauser
QA Contact:	Len DiMaggio
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-05 17:28 UTC by Eric Wittmann
Modified:	2014-02-06 15:29 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Eric Wittmann 2013-12-05 17:28:57 UTC

Description of problem:
Build 27 of the ER7 installer incorrectly configures the standalone.xml file with respect to the overlord-jaxrs login module.  

The current markup is this:

<security-domain name="overlord-jaxrs" cache-type="default">
   <authentication>
      <login-module code="org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule" flag="sufficient">
         <module-option name="allowedIssuers" value="/s-ramp-ui,/dtgov,/dtgov-ui,/gadget-web,/bpel-console"/>
         <module-option name="signatureRequired" value="true"/>
         <module-option name="keystorePath" value="${jboss.server.config.dir}/overlord-saml.keystore"/>
         <module-option name="keystorePassword" value="VAULT::vault::saml-keystore.password::1"/>
         <module-option name="keyAlias" value="overlord"/>
         <module-option name="keyPassword" value="VAULT::overlord::overlord-alias.password::1"/>
      </login-module>
      <login-module code="RealmDirect" flag="required">
          <module-option name="password-stacking" value="useFirstPass"/>
      </login-module>
   </authentication>
 </security-domain>

The values for "keystorePassword" and "keyPassword" are missing the surrounding ${}.  So they *should* be:

         <module-option name="keystorePassword" value="${VAULT::vault::saml-keystore.password::1}"/>
         <module-option name="keyPassword" value="${VAULT::overlord::overlord-alias.password::1}"/>

Comment 2 Thomas Hauser 2013-12-13 17:04:12 UTC

This should certainly be fixed in ER7-2.

Comment 4 Len DiMaggio 2013-12-17 20:10:54 UTC

Verified in ER7-2

grep keystorePassword standalone.xml 
                            <module-option name="keystorePassword" value="${VAULT::vault::saml-keystore.password::1}"/>

grep keyPassword standalone.xml 
                            <module-option name="keyPassword" value="${VAULT::overlord::overlord-alias.password::1}"/>

Note You need to log in before you can comment on or make changes to this bug.