WildFly Security Concepts: Difference between revisions
Line 39: | Line 39: | ||
</blockquote> | </blockquote> | ||
A Management Realm user authenticates with a regular password, so the host controllers will have to use that password to authenticate. The password is is known as ''server identity secret value'' on the host controller. | A Management Realm user authenticates with a regular password, so the host controllers will have to use that password to authenticate. The password is is known as ''server identity secret value'' on the host controller, and it is specified in its <tt>[[host.xml]]</tt>: | ||
<pre> | |||
<host name="..." ...> | |||
<management> | |||
<security-realms> | |||
<security-realm name="ManagementRealm"> | |||
... | |||
<server-identities> | |||
<secret value="bjFfMTIz"/> | |||
</server-identities> | |||
</security-realm> | |||
... | |||
</host> | |||
</pre> | |||
Revision as of 01:12, 19 February 2016
Internal
Relevance
- EAP 6.4 August 2015
Security Realms
The Security Subsystem
Relationship between a Security Realm and a Security Domain
Subordinated Host Controller Identity
Subordinated host controllers must authenticate against the domain controller's Management Realm in order to be able to interact with it. The host controller identity is associated to a domain controller's Management Realm user whose name is identical with the host controller's host name (the <host name="..."> element in the host controller's host.xml.
From the domain controller's perspective, the host controller identity is established by adding a regular Management Realm user. This is done with the add-user.sh utility, as described here:
A Management Realm user authenticates with a regular password, so the host controllers will have to use that password to authenticate. The password is is known as server identity secret value on the host controller, and it is specified in its host.xml:
<host name="..." ...> <management> <security-realms> <security-realm name="ManagementRealm"> ... <server-identities> <secret value="bjFfMTIz"/> </server-identities> </security-realm> ... </host>