Hi,

We decided to override the karaf realm instead of adding a new one and having to 
modify all configurations. Works perfectly so far, thanks!

But it would still be nice if we could also replace config key values via e.g. 
Assembly Property Edits. The following only allows replacing the whole 
configuration with this or multiple key-value pairs, not replacing one single 
value:
             <propertyEdits>
               <edits>
                 <edit>
                   <file>org.apache.karaf.webconsole.cfg</file>
                   <operation>
                     <operation>put</operation>
                   </operation>
                   <key>realm</key>
                   <value>kisters-water</value>
                 </edit>
               </edits>
             </propertyEdits>

Something similar could perhaps also be supported by the config element in 
feature.xml, which is currently limited the same way:
   <config name="org.apache.karaf.webconsole" override="true" append="false">
     test=value
   </config>

Thanks!

Regards,
Cédric
________________________________
From: Jean-Baptiste Onofré <j...@nanthrax.net>
Sent: Tuesday, April 30, 2024 2:22 PM
To: user@karaf.apache.org <user@karaf.apache.org>
Subject: Re: Overriding the default realm for SSH, WebConsole, ...

Hi Cédric

You can provide the security schema via blueprint or programmatically,
overriding the karaf realm.
Or you can create a new realm and update all services (ssh, etc) with
this realm (more changes to do).

I would go more with the overriding karaf realm, probably easier (the
overriding bundle would be part of your distribution).

Regards
JB

On Tue, Apr 30, 2024 at 9:35 AM Cedric Jonas <cedric.jo...@kisters.de> wrote:
>
> Hi,
>
> We provide a custom Karaf distribution for other developers within our 
> company. As part of that, we also provide a custom authentication realm using 
> OpenID Connect.
>
> Now we would like to ensure that this new realm is configured by default for 
> SSH, WebConsole, etc. I could not find any nice way to do that - whenever I 
> tried to override property values in e.g. 
> etc/org.apache.karaf.webconsole.cfg, I end up with a completely new file 
> which is not what we want. Either the property replacement abilities of the 
> Karaf Maven plugin / features.xml did replace the whole existing 
> configuration file with my one customized value ("realm" key) or it created 
> the file before the WebConsole feature was installed, and the WebConsole 
> feature install obviously doesn't merge both.
>
> Our goal was to customize the existing Karaf configuration files so that we 
> do not have to spend additional sync efforts each time we update to a new 
> version of Karaf (at least, we need to check if the default configuration 
> file didn't change).
>
> Is there any good way to do that?
>
> In the documentation 
> (https://karaf.apache.org/manual/latest/#_schema_and_deployer)
> I found there's a way to override the default realm ("karaf") configuration 
> using Blueprint and ranks - meaning I would probably replace the existing 
> karaf realm with a new configuration but using the same realm name.
> Is that the only way? Isn't it possible to simply configure a new realm name 
> for SSH, WebConsole etc. when building a new custom distribution? Without 
> being forced to rewrite the whole configuration file and sync the configs 
> each time we update?
>
> Thanks!
>
> Regards,
> Cédric
> ________________________________
> Cédric Jonas - HydroMet - KISTERS AG - Pascalstraße 8+10 - 52076 Aachen - DE 
> | +49 2408 9385 -453 | cedric.jo...@kisters.de | www.kisters.de | 
> Handelsregister Aachen, HRB-Nr. 7838 | Vorstand: Klaus Kisters, Hanns Kisters 
> | Aufsichtsratsvorsitzender: Dr. Thomas Klevers
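
Added example, not part of the original thread and not the Karaf project's or the posters' own code: a Blueprint descriptor of the kind discussed above, which registers a realm under the existing name `karaf` with a rank, so that services keep their default realm setting and no `.cfg` file has to be edited. The login module class `com.example.oidc.OidcLoginModule`, its options and the file name are hypothetical placeholders; the rank value assumes the built-in realm is registered with a lower one.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: OSGI-INF/blueprint/oidc-realm.xml (hypothetical file name)
     inside the overriding bundle shipped with the custom distribution. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

    <!-- Same realm name as the default one, so the "realm" key in
         etc/org.apache.karaf.webconsole.cfg stays untouched.
         When several realms share a name, the one with the highest rank
         is used; rank="1" assumes the built-in realm ranks lower. -->
    <jaas:config name="karaf" rank="1">
        <!-- Hypothetical OpenID Connect login module; replace with the
             class your realm bundle actually exports. -->
        <jaas:module className="com.example.oidc.OidcLoginModule"
                     flags="required">
            <!-- Module options are passed as properties; these keys and
                 values are constructed placeholders. -->
            issuer = https://idp.example.invalid/placeholder
            clientId = placeholder-client
        </jaas:module>
    </jaas:config>

</blueprint>
```

After startup, `jaas:realm-list` in the Karaf shell shows which login module class is registered for the `karaf` realm. If the overriding bundle fails to start, authentication falls back to whichever other realm is still registered under that name, so it is worth making the bundle's state part of the distribution's startup checks.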
