Quick question (Secure Wildfly Management Console)

[Jonathan Brooks]

Hi,

Can someone please clear up some confusion for me. At the very end after deploying the secure installation we can then secure access to wildfly console (instructions here):

It says: "Add wildfly-console and wildfly-management to Keycloak Standalone Server subsystem in your DCM4CHEE Archive's Wildfly as shown below"

Should I complete these commands within the jboss-cli for keycloak or wildfly?

My suspicion is that it should be in the jboss-cli connected to wildfly - to allow connections to be intercepted and redirected to keycloak instead, but would appreciate some confirmation here.

Thanks,

Jon

[Jonathan Brooks]

Just to add, that I submitted these commands(*) via the jboss-cli connected to wildfly, then followed instructions to test by browsing to the wildfly console: https://<archive-host>:9993, but I landed at the wildfly error page, rather than keycloak.

(FYI the wildfly error relates to there not being an account associated with wildfly - which I think was a known problem - I think Vrinda mentioned this a while back.)

(*)commands as per instructions (not showing my edited versions):

/subsystem=keycloak/secure-deployment=wildfly-console/:add(realm=dcm4che,resource=wildfly-console,auth-server-url=https://<keycloak-host>:8843/auth,ssl-required=external,public-client=true,truststore=/home/vrinda/work/secure/wildfly-24.0.1.Final/standalone/configuration/keystores/cacerts.p12,truststore-password=secret,allow-any-hostname=true)

/subsystem=keycloak/secure-deployment=wildfly-management/:add(realm=dcm4che,resource=wildfly-management,auth-server-url=https://<keycloak-host>:8843/auth,ssl-required=external,bearer-only=true,truststore=/home/vrinda/work/secure/wildfly-24.0.1.Final/standalone/configuration/keystores/cacerts.p12,truststore-password=secret,allow-any-hostname=true)