@darranl
Last active August 29, 2015 14:20
Elytron CLI Commands
# KeyStore Commands
./subsystem=elytron/keystore=test:add(type=jks, path=/home/darranl/src/wildfly9/elytron-testing/test.keystore, password=keystore_password)
# Provider Loader Commands
./subsystem=elytron/provider-loader=y:add(register=false, providers=[ {load-services=true, module=org.jboss.sasl}, {load-services=false, module=org.wildfly.security.elytron, class-names=[org.wildfly.security.password.impl.WildFlyElytronPasswordProvider] } ])
If NSS is backed by a SQL database, the following environment variable should be exported first: -
export NSS_DEFAULT_DB_TYPE=sql
./subsystem=elytron/provider-loader=pkcs#11:add(register=false, providers=[{ class-names=[sun.security.pkcs11.SunPKCS11], path=/home/darranl/src/wildfly/workspace/remoting-standalone/nss_keystore.cfg, module=sun.jdk }])
./subsystem=elytron/keystore=pkcs#11:add(type=PKCS11, provider=SunPKCS11-ServerKeyStore, password=key_password, provider-loader=pkcs#11)
./subsystem=elytron/keystore=pkcs#11:add(type=PKCS11, provider=SunPKCS11-ServerKeyStore, password=key_password)
The following does not work in the CLI: -
./subsystem=elytron/provider-loader=pkcs#11:add(register=false, providers=[{ property-list=[{key=a,value=b},{key=b,value=c}], class-names=[sun.security.pkcs11.SunPKCS11], module=sun.jdk }])
The following cannot be defined in the CLI but should be soon (WFCORE-600): -
<provider-loader name="pkcs#11" register="false">
    <provider module="sun.jdk" class-names="sun.security.pkcs11.SunPKCS11">
        <configuration-properties>
            <property key="name" value="ServerKeyStore" />
            <property key="nssLibraryDirectory" value="/usr/lib64" />
            <property key="nssSecmodDirectory" value="/home/darranl/src/wildfly/workspace/remoting-standalone/nss/server-side" />
            <property key="nssDbMode" value="readOnly" />
            <property key="nssModule" value="keystore" />
        </configuration-properties>
    </provider>
</provider-loader>
# Host Specific
Change prefix to ./host=master/
# Enable Authentication Using Existing Properties
# Standalone Mode
./subsystem=elytron/properties-realm=ManagementRealm:add(users-properties={path=mgmt-users.properties, relative-to=jboss.server.config.dir}, groups-properties={path=mgmt-groups.properties, relative-to=jboss.server.config.dir})
./subsystem=elytron/domain=ManagementDomain:add(default_realm=ManagementRealm, realms=[ManagementRealm])
./core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
./core-service=management/management-interface=http-interface:write-attribute(name=security-domain, value=ManagementDomain)
# Domain Mode
./host=master/subsystem=elytron/properties-realm=ManagementRealm:add(users-properties={path=mgmt-users.properties, relative-to=jboss.domain.config.dir}, groups-properties={path=mgmt-groups.properties, relative-to=jboss.domain.config.dir})
./host=master/subsystem=elytron/domain=ManagementDomain:add(default_realm=ManagementRealm, realms=[ManagementRealm])
./host=master/core-service=management/management-interface=http-interface:undefine-attribute(name=security-realm)
./host=master/core-service=management/management-interface=native-interface:undefine-attribute(name=security-realm)
./host=master/core-service=management/management-interface=http-interface:write-attribute(name=security-domain, value=ManagementDomain)
./host=master/core-service=management/management-interface=native-interface:write-attribute(name=security-domain, value=ManagementDomain)