Adding Users to WildFly Security Realms: Difference between revisions
No edit summary |
No edit summary |
||
Line 35: | Line 35: | ||
Press any key to continue . . . | Press any key to continue . . . | ||
</pre> | </pre> | ||
The script modifies the following files: | The script modifies the following files: | ||
<pre> | |||
${JBOSS_HOME}/standalone/configuration/application-users.properties | ${JBOSS_HOME}/standalone/configuration/application-users.properties | ||
${JBOSS_HOME}/standalone/configuration/application-roles.properties | ${JBOSS_HOME}/standalone/configuration/application-roles.properties | ||
${JBOSS_HOME}/standalone/domain/configuration/application-users.properties | ${JBOSS_HOME}/standalone/domain/configuration/application-users.properties | ||
${JBOSS_HOME}/standalone/domain/configuration/application-roles.properties | ${JBOSS_HOME}/standalone/domain/configuration/application-roles.properties | ||
</pre> | |||
A WildFly process is not required to be present in order for the operation to succeed. | |||
!!Add a User to the Management Realm | !!Add a User to the Management Realm |
Revision as of 00:22, 12 February 2016
External
- EAP Documentation - Add a User to a Security Realm: https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html-single/Security_Guide/index.html#Add_a_User_to_a_Security_Realm1
Internal
Add a User to the Application Realm
This is an example of how to add a user to the application realm with add-user.sh.
C:\runtime\jboss-eap-6.0\bin>add-user.bat What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): b Enter the details of the new user to add. Realm (ApplicationRealm) : Username : test Password : Re-enter Password : What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: guest About to add user 'test' for realm 'ApplicationRealm' Is this correct yes/no? yes Added user 'test' to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-users.properties' Added user 'test' to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-users.properties' Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-roles.properties' Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-roles.properties' Is this new user going to be used for one AS process to connect to another AS process e.g. slave domain controller? yes/no? no Press any key to continue . . .
The script modifies the following files:
${JBOSS_HOME}/standalone/configuration/application-users.properties ${JBOSS_HOME}/standalone/configuration/application-roles.properties ${JBOSS_HOME}/standalone/domain/configuration/application-users.properties ${JBOSS_HOME}/standalone/domain/configuration/application-roles.properties
A WildFly process is not required to be present in order for the operation to succeed.
!!Add a User to the Management Realm
This is an example of how to add a user to the management realm with Template:Add-user.sh.
Be aware of [JBoss 7 Security Configuration#UserNameRestrictions].
If this user will be used only for local access and it does not correspond to a subordinate host controller, answer "no" to "Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls." below.
{{{ nombp1:bin ovidiu$ ./add-user.sh
What type of user do you wish to add?
a) Management User (mgmt-users.properties) b) Application User (application-users.properties)
(a): a
Enter the details of the new user to add. Using realm 'ManagementRealm' as discovered from the existing property files. Username : novaordis.management.user Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file.
- The password must not be one of the following restricted values {root, admin, administrator} - The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s) - The password must be different from the username
Password : Re-enter Password : What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: DomainManagement About to add user 'novaordis.management.user' for realm 'ManagementRealm' Is this correct yes/no? yes Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-users.properties' Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-users.properties' Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties' Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-groups.properties' Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls. yes/no? yes To represent the user add the following to the server-identities definition <secret value="bm9tdTEyMyE=" /> }}}
The script modifies the following files:
{{{ $JBOSS_HOME/standalone/configuration/mgmt-users.properties $JBOSS_HOME/domain/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties $JBOSS_HOME/domain/configuration/mgmt-groups.properties }}}
It does not care if there's no JBoss 7 process running.
!Secret Value
The "secret value" generated by the above procedure is actually the Template:Openssl enc -base64 of the password.
openssl enc -base64
The values are identical and can be used interchangeably.