Missing Credential Store integration in core Management

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Missing Credential Store integration in core Management

Emmanuel Hugonnet
Hi,
Currently we store passwords for core management in various attributes.
With Elytron we can use a Credential Store to store those attributes values using a CredentialReference, which led to [1].
Investigating we have found the following attributes :
* SecretServerIdentityResourceDefinition.VALUE
* SSLServerIdentityResourceDefinition.KEYSTORE_PASSWORD KEY_PASSWORD
* TruststoreAuthenticationResourceDefinition.KEYSTORE_PASSWORD
* LocalAuthenticationResourceDefinition.DEFAULT_USER ALLOWED_USERS
* UserResourceDefinition.PASSWORD
* LdapConnectionResourceDefinition.SEARCH_CREDENTIAL

Did we miss attributes that could be alternative of CredentialReference ?

KEYSTORE_PASSWORD KEY_PASSWORD (in SSLServerIdentityResourceDefinition and TruststoreAuthenticationResourceDefinition) are using the
attribute definitions of KeystoreAttributes.
We could introduce the alternatives in those definition but that would impact SyslogAuditLogProtocolResourceDefinition.TlsKeyStore.

Cheers,
Emmanuel

[1]: https://issues.jboss.org/browse/WFCORE-2483


_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev

signature.asc (484 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Missing Credential Store integration in core Management

Darran Lofthouse
Jira issues already exist to address these.

On 22/04/17 06:19, Emmanuel Hugonnet wrote:

> Hi,
> Currently we store passwords for core management in various attributes.
> With Elytron we can use a Credential Store to store those attributes values using a CredentialReference, which led to [1].
> Investigating we have found the following attributes :
> * SecretServerIdentityResourceDefinition.VALUE
> * SSLServerIdentityResourceDefinition.KEYSTORE_PASSWORD KEY_PASSWORD
> * TruststoreAuthenticationResourceDefinition.KEYSTORE_PASSWORD
> * LocalAuthenticationResourceDefinition.DEFAULT_USER ALLOWED_USERS
> * UserResourceDefinition.PASSWORD
> * LdapConnectionResourceDefinition.SEARCH_CREDENTIAL
>
> Did we miss attributes that could be alternative of CredentialReference ?
>
> KEYSTORE_PASSWORD KEY_PASSWORD (in SSLServerIdentityResourceDefinition and TruststoreAuthenticationResourceDefinition) are using the
> attribute definitions of KeystoreAttributes.
> We could introduce the alternatives in those definition but that would impact SyslogAuditLogProtocolResourceDefinition.TlsKeyStore.
>
> Cheers,
> Emmanuel
>
> [1]: https://issues.jboss.org/browse/WFCORE-2483
>
>
>
> _______________________________________________
> wildfly-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/wildfly-dev
>
_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev