-
1. Re: JBoss AS 7.1.x Securing Management Console - Authentication/SSL
kevgo Mar 7, 2013 3:13 PM (in response to kevgo)
An example of a full standalone.xml/standalone-full.xml file from someone who is using SSL for the management console, and is tied into AD for authentication, would be extremely helpful.
My application is running fine using https. Certificates from the CA were added to the keystore and the connector created as per:
<subsystem xmlns="urn:jboss:domain:web:1.2" default-virtual-server="default-host" native="false">
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="changeit" certificate-key-file="/usr/java/jdk1.7.0_13/bin/jboss.keystore"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="false">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<server-identities>
<ssl>
<keystore path="/usr/java/jdk1.7.0_13/bin/jboss.keystore" password="changeit"/>
</ssl>
</server-identities>
</security-realms>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<socket-binding https="management-https"/>
</http-interface>
</management-interfaces>
</management>
I tried the following:
But was a no go..
-
2. Re: JBoss AS 7.1.x Securing Management Console - Authentication/SSL
kevgo Mar 8, 2013 10:44 AM (in response to kevgo)
1 of 1 people found this helpful
Who would have thought spelling mattered..
<management>
<security-realms>
<security-realm name="ManagementRealm">
<!-- server-identities is required for the ManagementRealm to point to the SSL certs; the keystore can be placed anywhere that makes sense -->
<server-identities>
<ssl>
<keystore path="/usr/share/jboss-as/jboss-eap-6.0/jboss.keystore" keystore-password="changeit"/>
</ssl>
</server-identities>
<authentication>
<local default-user="$local"/>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
And then..
<http-interface security-realm="ManagementRealm">
<!-- Small typos cause grief: don't forget the 's' in the socket-binding https attribute in this statement -->
<socket-binding https="management-https"/>
</http-interface>
</management-interfaces>
</management>
Likely won't be the last time I stare at XML looking for typos...
Next step is the tie in to LDAP.
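
A small lint for the kind of attribute typo this thread describes, as an added example that is not part of the original posts or of JBoss's own tooling. It checks only the points that differ between the two posted configurations (`keystore-password`, the `https` socket binding, the `<authentication>` element); the sample XML, the `/path/to/jboss.keystore` path and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    # Drop any '{namespace}' prefix so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def named(parent, name):
    # All elements at or below 'parent' whose local tag name matches.
    return [e for e in parent.iter() if local(e.tag) == name]

def check_management(xml_text):
    """Return findings for the management realm wiring in a standalone.xml fragment."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    realms = {r.get("name"): r for r in named(root, "security-realm")}
    for iface in named(root, "http-interface"):
        realm_name = iface.get("security-realm")
        if not any(b.get("https") for b in named(iface, "socket-binding")):
            findings.append("socket-binding has no 'https' attribute")
        realm = realms.get(realm_name)
        if realm is None:
            findings.append(f"unknown security-realm {realm_name!r}")
            continue
        keystores = [k for ssl in named(realm, "ssl") for k in named(ssl, "keystore")]
        if not keystores:
            findings.append(f"realm {realm_name!r} has no <ssl><keystore>")
        for ks in keystores:
            if ks.get("keystore-password") is None:
                findings.append("keystore has no 'keystore-password' attribute")
        if not named(realm, "authentication"):
            findings.append(f"realm {realm_name!r} has no <authentication>")
    return findings

# Constructed samples: same shape as the posts, with the elided tags filled in.
TEMPLATE = """<management><security-realms><security-realm name="ManagementRealm">
<server-identities><ssl><keystore path="/path/to/jboss.keystore" {pw}="changeit"/></ssl>
</server-identities>{auth}</security-realm></security-realms>
<management-interfaces><http-interface security-realm="ManagementRealm">
<socket-binding {bind}="management-https"/></http-interface></management-interfaces>
</management>"""
AUTH = '<authentication><local default-user="$local"/></authentication>'
MISTYPED = TEMPLATE.format(pw="password", auth="", bind="http")
CORRECTED = TEMPLATE.format(pw="keystore-password", auth=AUTH, bind="https")

if __name__ == "__main__":
    for label, text in (("mistyped", MISTYPED), ("corrected", CORRECTED)):
        print(label, check_management(text) or "no findings")
```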