Unable to log into the hawtio console on Fuse 6.2.1 on EAP

Solution In Progress - Updated -

Issue

I am working on Fuse 6.2.1 on EAP 6.4.4 and I am trying to configure the security settings to enable authorization.

The system properties configured are:

  * hawtio.authenticationEnabled: true
  * hawtio.realm: ApplicationRealm
  * hawtio.role: role1

Then, through the add-user.sh script, I added a user 'fuseadmin' to 'ApplicationRealm' with role 'role1'.

But I am not able to login and I get this message "Failed to log in, Forbidden".

Looking at the log at DEBUG level, I can see the following entries:

DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1)
doAuthenticate[realm=ApplicationRealm, role=role1,
rolePrincipalClasses=org.jboss.security.SimplePrincipal,
configuration=null, username=fuseadmin, password=******]
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Unknown
callback class [org.jboss.security.auth.callback.ObjectCallback]
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Looking
for rolePrincipalClass: org.jboss.security.SimplePrincipal
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Checking
principal, classname: org.jboss.security.SimplePrincipal toString: fuseadmin
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) role
fuseadmin doesn't match role1, continuing
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Checking
principal, classname: org.jboss.security.SimpleGroup toString:
Roles(members:role1)
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) principal
class org.jboss.security.SimpleGroup doesn't match
org.jboss.security.SimplePrincipal, continuing
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) Checking
principal, classname: org.jboss.security.SimpleGroup toString:
CallerPrincipal(members:fuseadmin)
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) principal
class org.jboss.security.SimpleGroup doesn't match
org.jboss.security.SimplePrincipal, continuing
DEBUG [io.hawt.system.Authenticator] (http-/127.0.0.1:8080-1) User
fuseadmin does not have the required role role1

What am I doing wrong?

Environment

  • Red Hat JBoss Fuse on EAP
    • 6.2.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.