This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 840403 - (JON3-19, PRODMGT-454) the plugin for JBoss EAP 6 / AS 7 needs to support SSL/TLS encryption and authentication
the plugin for JBoss EAP 6 / AS 7 needs to support SSL/TLS encryption and aut...
Status: CLOSED CURRENTRELEASE
Product: JBoss Operations Network
Classification: JBoss
Component: Plugin -- JBoss EAP 6, Security (Show other bugs)
JON 3.1.0
All All
unspecified Severity high
: DR01
: JON 3.3.0
Assigned To: Thomas Segismont
Filip Brychta
:
Depends On:
Blocks: 840404 1062552
  Show dependency treegraph
 
Reported: 2012-07-16 05:23 EDT by Tom Fonteyne
Modified: 2014-12-11 09:01 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 840404 1062552 (view as bug list)
Environment:
Last Closed: 2014-12-11 09:01:03 EST
Type: Feature Request
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker PRODMGT-454 Major Closed The EAP 6 plug-in does not support a secure HTTP transport (SSL/HTTPS) 2016-02-23 18:52 EST
Red Hat Knowledge Base (Solution) 315743 None None None Never

  None (edit)
Comment 2 Charles Crouch 2012-08-14 12:06:46 EDT
Targeting for consideration in JON320
Comment 3 Larry O'Leary 2013-06-26 08:50:40 EDT
This BZ represents a request that the AS7 / EAP 6 managed plug-in needs to support SSL (HTTPS) along with client auth to handle cases in where the EAP HTTP management interface has been secured using SSL.
Comment 9 Thomas Segismont 2014-02-04 12:15:47 EST
Merged in master

commit a201914f7204e59fb40ce3eba2cbbea7accd728c
Author: Thomas Segismont <tsegismo@redhat.com>
Date:   Wed Jan 22 16:02:06 2014 +0100
Comment 10 Stian Lund 2014-03-21 06:10:01 EDT
So basically, now AS7/EAP is SSL by default, and requires a lot more configuration on part of user.

I think there's a misunderstanding on the meaning of "needs to support" instead of "requires".
Comment 11 Thomas Segismont 2014-03-21 06:36:58 EDT
(In reply to Stian Lund from comment #10)
> So basically, now AS7/EAP is SSL by default, and requires a lot more
> configuration on part of user.

Who said that?

> 
> I think there's a misunderstanding on the meaning of "needs to support"
> instead of "requires".

Unless I missed something, AS7Plugin now supports but does not require SSL protected servers.
Comment 12 Stian Lund 2014-03-21 07:52:54 EDT
> Who said that?

Well, I said it :)

> Unless I missed something, AS7Plugin now supports but does not require SSL protected servers.

Well, the problem is, that when discovering new AS7 servers, it uses the management-https port by default, leading to us having to change the port to standard mangement-http manually and turn off encryption.

I made a question on the RHQ forums about the same, and asked if there was any setting to override this behaviour.

Stian
Comment 13 Thomas Segismont 2014-03-21 09:17:09 EDT
(In reply to Stian Lund from comment #12)
> Well, the problem is, that when discovering new AS7 servers, it uses the
> management-https port by default, leading to us having to change the port to
> standard mangement-http manually and turn off encryption.
> 

AS7 plugin *chooses* https port if it is configured. It's a preference when both http and https port are accessible.
Comment 14 Stian Lund 2014-03-21 10:09:43 EDT
> AS7 plugin *chooses* https port if it is configured. It's a preference when both http and https port are accessible.

Hmm... so any way to override this choice and only use http? Because otherwise we will need to change all our AS7 servers to not have management-https configured or do a lot of changes in RHQ.
Comment 15 Simeon Pinder 2014-07-31 11:51:54 EDT
Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993

Note You need to log in before you can comment on or make changes to this bug.