Securing Jgroups Cluster using SASL protocol in EAP
Issue
- How to secure Jgroups using SASL protocol in EAP ?
- Validation error in standalone-ha.xml when adding SASL as :
<SASL mech="DIGEST-MD5"
client_name="node_user"
client_password="node_password"
server_callback_handler_class="org.example.infinispan.security.JGroupsSaslServerCallbackHandler"
client_callback_handler_class="org.example.infinispan.security.JGroupsSaslClientCallbackHandler"
sasl_props="com.sun.security.sasl.digest.realm=test_realm" />
Error:
~~~~~~
4:34:54,479 ERROR [org.jboss.as.controller] (Controller Boot Thread)
OPVDX001: Validation error in standalone-ha.xml --------------------------------
|
| 408: <protocol type="pbcast.STABLE"/>
| 409:
| 410: <SASL mech="DIGEST-MD5"
| ^^^^ 'SASL' isn't an allowed element here
|
| Elements allowed here are:
| auth-protocol relay
| encrypt-protocol socket-discovery-protocol
| jdbc-protocol socket-protocol
| protocol transport
|
| 411: client_name="node_user"
| 412: client_password="node_password"
| 413: server_callback_handler_class="org.example.infinispan.security.JGroupsSaslServerCallbackHandler"
|
| The primary underlying error message was:
| > ParseError at [row,col]:[410,1]
| > Message: WFLYCTL0198: Unexpected element
| > '{urn:jboss:domain:jgroups:6.0}SASL' encountered
|
Environment
- JBoss Enterprise Application Platform (EAP) :
- 7.x
- Red Hat Data Grid (RHDG):
- 7.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.