Bug 1463614 - Install RHQ user operation not working when elytron is used for user authentication
Summary: Install RHQ user operation not working when elytron is used for user authenti...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Plugin -- JBoss EAP 7
Version: JON 3.3.8
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: One-off release
Assignee: Michael Burman
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-21 10:27 UTC by Filip Brychta
Modified: 2017-11-10 22:08 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-11-02 15:25:24 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1448522 0 urgent CLOSED Two way ssl between agent and EAP 7.1 host controller using elytron is not working 2021-02-22 00:41:40 UTC

Internal Links: 1448522

Description Filip Brychta 2017-06-21 10:27:40 UTC
Description of problem:
The Install RHQ user operation fails with:
"Management users properties file [] is not writable"
when elytron is used for user authentication.

Version-Release number of selected component (if applicable):
JON3.3.8 + EAP plugin pack update05.CR01
EAP 7.1.ER01

How reproducible:
Always

Steps to Reproduce:
1. unzip and start EAP 7.1.ER01
2. enable elytron components:
     a)  Set http-authentication-factory to use management-http-authentication

    /core-service=management/management-interface=http-interface:write-attribute( \
      name=http-authentication-factory, \
      value=management-http-authentication \
    )

    b) Set sasl-authentication-factory to use management-sasl-authentication

    /core-service=management/management-interface=http-interface:write-attribute( \
      name=http-upgrade.sasl-authentication-factory, \
      value=management-sasl-authentication \
    )

    c)Undefine security-realm

    /core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)

    d)Reload JBoss EAP for the changes to take affect. 

reload
3. import EAP to JON inventory
4. run Install RHQ user operation

Actual results:
Operation fails with "Management users properties file [] is not writable"
and EAP resource is down.

Expected results:


Additional info:
Documentation: https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.beta/html-single/how_to_configure_server_security/#mgmt_user_authentication_with_eltyron

When the rhqadmin user is added to mgmt-users.properties manually the EAP resource is UP and everything seems to be working.

Comment 2 Larry O'Leary 2017-11-02 15:25:24 UTC
This operation is not supported.

It was provided for development testing only and the failure identified here is not limited to just Elytron. It will occur with any security/authentication configuration that does not use the file based property role/user/password mapping.

Closing as WONTFIX.


Note You need to log in before you can comment on or make changes to this bug.