Adding Users to WildFly Security Realms

From NovaOrdis Knowledge Base
Revision as of 00:19, 12 February 2016 by Ovidiu (talk | contribs)
Jump to navigation Jump to search

External

Internal

Add a User to the Application Realm

This is an example of how to add a user to the application realm with add-user.sh.

Be aware of [JBoss 7 Security Configuration#UserNameRestrictions].

Run example:


{{{ C:\runtime\jboss-eap-6.0\bin>add-user.bat

What type of user do you wish to add? 

a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)

(a): b

Enter the details of the new user to add. Realm (ApplicationRealm) : Username : test Password : Re-enter Password : What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: guest About to add user 'test' for realm 'ApplicationRealm' Is this correct yes/no? yes Added user 'test' to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-users.properties' Added user 'test' to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-users.properties' Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\standalone\configuration\application-roles.properties' Added user 'test' with roles guest to file 'C:\runtime\jboss-eap-6.0\domain\configuration\application-roles.properties' Is this new user going to be used for one AS process to connect to another AS process e.g. slave domain controller? yes/no? no Press any key to continue . . . }}}


The script modifies the following files:

{{{ ${JBOSS_HOME}/standalone/configuration/application-users.properties ${JBOSS_HOME}/standalone/configuration/application-roles.properties ${JBOSS_HOME}/standalone/domain/configuration/application-users.properties ${JBOSS_HOME}/standalone/domain/configuration/application-roles.properties }}}

It does not really care if there's no JBoss 7 process running.

!!Add a User to the Management Realm

This is an example of how to add a user to the management realm with Template:Add-user.sh.

Be aware of [JBoss 7 Security Configuration#UserNameRestrictions].

If this user will be used only for local access and it does not correspond to a subordinate host controller, answer "no" to "Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls." below.

{{{ nombp1:bin ovidiu$ ./add-user.sh

What type of user do you wish to add? 

a) Management User (mgmt-users.properties) 
b) Application User (application-users.properties)

(a): a

Enter the details of the new user to add. Using realm 'ManagementRealm' as discovered from the existing property files. Username : novaordis.management.user Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file. 

- The password must not be one of the following restricted values {root, admin, administrator}
- The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
- The password must be different from the username

Password : Re-enter Password : What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: DomainManagement About to add user 'novaordis.management.user' for realm 'ManagementRealm' Is this correct yes/no? yes Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-users.properties' Added user 'novaordis.management.user' to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-users.properties' Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/standalone/configuration/mgmt-groups.properties' Added user 'novaordis.management.user' with groups DomainManagement to file '/Users/ovidiu/runtime/jboss-eap-6.3/domain/configuration/mgmt-groups.properties' Is this new user going to be used for one AS process to connect to another AS process? e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls. yes/no? yes To represent the user add the following to the server-identities definition <secret value="bm9tdTEyMyE=" /> }}}


The script modifies the following files:

{{{ $JBOSS_HOME/standalone/configuration/mgmt-users.properties $JBOSS_HOME/domain/configuration/mgmt-users.properties $JBOSS_HOME/standalone/configuration/mgmt-groups.properties $JBOSS_HOME/domain/configuration/mgmt-groups.properties }}}

It does not care if there's no JBoss 7 process running.

!Secret Value

The "secret value" generated by the above procedure is actually the Template:Openssl enc -base64 of the password. 

openssl enc -base64


The values are identical and can be used interchangeably.

Retrieved from "https://kb.novaordis.com/index.php?title=Adding_Users_to_WildFly_Security_Realms&oldid=3229"