Unable to log into the hawtio console on Fuse 6.2.1 on EAP

Solution In Progress - Updated -

Issue

I am working on Fuse 6.2.1 on EAP 6.4.4 and I am trying to configure the security settings to enable authorization.

The system properties configured are:

  * hawtio.authenticationEnabled: true
  * hawtio.realm: ApplicationRealm
  * hawtio.role: role1

Then, through the add-user.sh script, I added a user 'fuseadmin' to 'ApplicationRealm' with role 'role1'.

But I am not able to login and I get this message "Failed to log in, Forbidden".

Looking at the log at DEBUG level, I can see the following entries:

DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1)
doAuthenticate[realm=ApplicationRealm, role=role1,
rolePrincipalClasses=org.jboss.security.SimplePrincipal,
configuration=null, username=fuseadmin, password=******]
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Unknown
callback class [org.jboss.security.auth.callback.ObjectCallback]
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Looking
for rolePrincipalClass: org.jboss.security.SimplePrincipal
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Checking
principal, classname: org.jboss.security.SimplePrincipal toString: fuseadmin
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) role
fuseadmin doesn't match role1, continuing
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Checking
principal, classname: org.jboss.security.SimpleGroup toString:
Roles(members:role1)
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) principal
class org.jboss.security.SimpleGroup doesn't match
org.jboss.security.SimplePrincipal, continuing
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Checking
principal, classname: org.jboss.security.SimpleGroup toString:
CallerPrincipal(members:fuseadmin)
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) principal
class org.jboss.security.SimpleGroup doesn't match
org.jboss.security.SimplePrincipal, continuing
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) User
fuseadmin does not have the required role role1

What am I doing wrong?

Environment

  • Red Hat JBoss Fuse on EAP
    • 6.2.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In