EAP, how to management-interfaces with multiple or fail-over security-realm(s)

Latest response

I have a working configuration for the native-interface and http-interface, with ldap login.

But I want a second or even more security-realm as fail-over, with user/password.

How do I configure that?

Responses

I'm not sure I understand what you mean. Can you give us a use case that might help me understand this a little better?

I'm sorry, english is not me native language.

I want a combined system for management security with ldap login and user/password login.

Hi Peter

I think it might be better if you raise a case with our support team for this. I've asked our security guys to take a look at this but I think we may need more information which is better handled over a case.

Regards
Mustafa

He meant what if ldap is not available, how do we access JBOSS console/jboss-cli.sh.
For example, if ldap fails, we could use an user that is created in this realm:

security-realm name="ManagementRealm"
properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"
properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"

But its not possible to configure more than one type in security-realm:

management-interfaces
native-interface security-realm="OpenLDAPRealm"
socket interface="management" port="${jboss.management.native.port:9999}"
native-interface
http-interface security-realm="OpenLDAPRealm"
socket interface="management" port="${jboss.management.http.port:9990}"
http-interface
management-interfaces
management

Daniela

Is this Issue Resolved ?

I want to integrated multiple security Realm to Management-Interface ? Please let me know how can we do it.