Adding Users to WildFly Security Realms: Difference between revisions

From NovaOrdis Knowledge Base
Revision as of 00:23, 12 February 2016

External

Internal

Add a User to the Application Realm

This is an example of how to add a user to the application realm with add-user.sh (add-user.bat on Windows, as in the session below).

C:\runtime\jboss-eap-6.0\bin>add-user.bat

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Realm (ApplicationRealm) :
Username : test
Password :
Re-enter Password :
What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: guest
About to add user 'test' for realm 'ApplicationRealm'
Is this correct yes/no? yes
Added user 'test' to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-users.properties'
Added user 'test' to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-users.properties'
Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-roles.properties'
Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process e.g. slave domain controller?
yes/no? no
Press any key to continue . . .

The script modifies the following files:

${JBOSS_HOME}/standalone/configuration/application-users.properties
${JBOSS_HOME}/standalone/configuration/application-roles.properties
${JBOSS_HOME}/domain/configuration/application-users.properties
${JBOSS_HOME}/domain/configuration/application-roles.properties

A WildFly process is not required to be present in order for the operation to succeed.

Add a User to the Management Realm

This is an example of how to add a user to the management realm with add-user.sh.

If this user will be used only for node access and it does not correspond to a subordinate host controller, answer "no" to "Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls." below.

nombp1:bin ovidiu$ ./add-user.sh 

What type of user do you wish to add? 
 a) Management User (mgmt-users.properties) 
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : novaordis.management.user
Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file.
 - The password must not be one of the following restricted values {root, admin, administrator}
 - The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
 - The password must be different from the username
Password : 
Re-enter Password : 
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: DomainManagement
About to add user 'novaordis.management.user' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-users.properties'
Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-users.properties'
Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties'
Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process? 
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="bm9tdTEyMyE=" />

The script modifies the following files:

$JBOSS_HOME/standalone/configuration/mgmt-users.properties
$JBOSS_HOME/domain/configuration/mgmt-users.properties
$JBOSS_HOME/standalone/configuration/mgmt-groups.properties
$JBOSS_HOME/domain/configuration/mgmt-groups.properties

A WildFly process is not required to be present in order for the operation to succeed.

Secret Value

The "secret value" generated by the above procedure is actually the openssl enc -base64 encoding of the password.

openssl enc -base64


The values are identical and can be used interchangeably.
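
Because base64 is reversible, any file that carries the secret value is password-equivalent. The following added example (not part of the original page) encodes and decodes a secret with openssl and audits a configuration file for <secret value="..."/> entries that are readable beyond the owner; the function names and the temporary sample file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit config files for <secret value="..."/> server identities.
# The secret is only base64, so each hit is a recoverable password.

# Use openssl as on the page; fall back to coreutils base64 if it is absent.
b64() {
  if command -v openssl >/dev/null 2>&1; then openssl enc -base64 -A "$@"
  else base64 "$@"; fi
}

# Password -> secret value, as printed by add-user.sh.
secret_for() { printf '%s' "$1" | b64; }

# Secret value -> password (shows the encoding is reversible).
password_of() { printf '%s\n' "$1" | b64 -d; }

# Print every secret value found in a configuration file, one per line.
secrets_in() {
  grep -o '<secret[^>]*value="[^"]*"' "$1" | sed 's/.*value="\([^"]*\)".*/\1/'
}

# Classify a file: NONE (no secret), OK (owner-only), WEAK (group/other access).
audit_file() {
  local f=$1 n mode
  n=$(secrets_in "$f" | wc -l | tr -d ' ')
  if [ "$n" -eq 0 ]; then echo "NONE $f"; return 0; fi
  mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
  case "$mode" in
    *00) echo "OK   $f mode=$mode secrets=$n" ;;
    *)   echo "WEAK $f mode=$mode secrets=$n" ;;
  esac
}

# Constructed sample: a configuration fragment carrying the secret shown above.
demo() {
  local f; f=$(mktemp)
  cat > "$f" <<'EOF'
<server-identities>
    <secret value="bm9tdTEyMyE=" />
</server-identities>
EOF
  chmod 644 "$f"; audit_file "$f"    # WEAK: readable by group and other
  chmod 600 "$f"; audit_file "$f"    # OK: owner only
  rm -f "$f"
}
demo
```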