Bug 1463614 - Install RHQ user operation not working when elytron is used for user authentication
Install RHQ user operation not working when elytron is used for user authenti...
Product: JBoss Operations Network
Classification: JBoss
Component: Plugin -- JBoss EAP 7 (Show other bugs)
JON 3.3.8
Unspecified Unspecified
medium Severity medium
: ---
: One-off release
Assigned To: Michael Burman
Mike Foley
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2017-06-21 06:27 EDT by Filip Brychta
Modified: 2017-11-10 17:08 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-11-02 11:25:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Filip Brychta 2017-06-21 06:27:40 EDT
Description of problem:
The Install RHQ user operation fails with:
"Management users properties file [] is not writable"
when elytron is used for user authentication.

Version-Release number of selected component (if applicable):
JON3.3.8 + EAP plugin pack update05.CR01
EAP 7.1.ER01

How reproducible:

Steps to Reproduce:
1. unzip and start EAP 7.1.ER01
2. enable elytron components:
     a)  Set http-authentication-factory to use management-http-authentication

    /core-service=management/management-interface=http-interface:write-attribute( \
      name=http-authentication-factory, \
      value=management-http-authentication \

    b) Set sasl-authentication-factory to use management-sasl-authentication

    /core-service=management/management-interface=http-interface:write-attribute( \
      name=http-upgrade.sasl-authentication-factory, \
      value=management-sasl-authentication \

    c)Undefine security-realm


    d)Reload JBoss EAP for the changes to take affect. 

3. import EAP to JON inventory
4. run Install RHQ user operation

Actual results:
Operation fails with "Management users properties file [] is not writable"
and EAP resource is down.

Expected results:

Additional info:
Documentation: https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.beta/html-single/how_to_configure_server_security/#mgmt_user_authentication_with_eltyron

When the rhqadmin user is added to mgmt-users.properties manually the EAP resource is UP and everything seems to be working.
Comment 2 Larry O'Leary 2017-11-02 11:25:24 EDT
This operation is not supported.

It was provided for development testing only and the failure identified here is not limited to just Elytron. It will occur with any security/authentication configuration that does not use the file based property role/user/password mapping.

Closing as WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.