potential risk with wildfly logging in keycloak standalone server


Zaharia Dragos-Cosmin

Feb 11, 2021, 5:32:41 PM
to dcm4che
Hi,

After following the dcm4chee-arc 5.x tutorial, I ended up with 2 wildflys:
- one carrying dcm4chee-archive with ports:
        <socket-binding name="http" port="${jboss.http.port:8080}"/>
        <socket-binding name="https" port="${jboss.https.port:8443}"/>
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>

- and one carrying keycloak app with ports:
        <socket-binding name="http" port="${jboss.http.port:8880}"/>
        <socket-binding name="https" port="${jboss.https.port:8843}"/>
        <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9980}"/>
        <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9983}"/>

When I access http://localhost:9983 the wildfly page appears, and when I press the login to administration console, no user password is required and I am automatically logged in as an anonymous user. Could this be a potential risk? How could I secure the wildfly access of the keycloak-side?

Kind regards.

Gunter Zeilinger

Feb 12, 2021, 8:52:12 AM
to dcm4che

Gunter Zeilinger

Feb 16, 2021, 9:58:10 AM
to dcm4che
Fixed. You may purge the mapped out standalone/configuration and standalone/deployment and re-create the keycloak container with the patched docker image:

docker pull dcm4che/keycloak:11.0.3

or manually patch standalone/configuration/keycloak-xxx.xml

         <management-interfaces>
-            <http-interface ssl-context="httpsSSC">
+            <http-interface security-realm="ManagementRealm" ssl-context="httpsSSC">
                 <http-upgrade enabled="true"/>
                 <socket-binding http="management-http" https="management-https"/>
             </http-interface>
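
Review bot: The `+` line points the interface at security-realm="ManagementRealm", but nothing in this hunk shows that realm being declared, so the manual patch only closes the anonymous login if keycloak-xxx.xml also defines a security realm with exactly that name and at least one management user exists behind it; worth saying so next to the manual-patch instruction. The unchanged `<socket-binding http="management-http" https="management-https"/>` line also keeps the plain-HTTP management binding alongside ssl-context="httpsSSC"; if the console is meant to be reachable over TLS only, consider whether the `http=` binding should be dropped in the same change.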

Zaharia Dragos-Cosmin

Feb 28, 2021, 3:26:30 PM
to dcm4che
Hi,
I confirm that the patch works.
Kind regards.
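
One way to check a standalone configuration for the condition discussed in this thread, as an added example that is not from the thread's authors or the dcm4che project: it parses the XML and reports any management `<http-interface>` that has no authentication attribute or names an undeclared realm. The function names, the placeholder namespace and the sample XML are constructed for illustration; `http-authentication-factory` is the Elytron-style alternative to `security-realm` and is not mentioned in the thread.

```python
"""Added example: audit a WildFly standalone XML for an unauthenticated management console."""
import sys
import xml.etree.ElementTree as ET

def local(tag):
    # Drop the "{namespace}" prefix so the check works for any schema version.
    return tag.rsplit("}", 1)[-1]

def audit_management_http(xml_text):
    """Return a list of findings for the management <http-interface> elements."""
    root = ET.fromstring(xml_text)
    declared = {e.get("name") for e in root.iter() if local(e.tag) == "security-realm"}
    findings = []
    for block in (e for e in root.iter() if local(e.tag) == "management-interfaces"):
        for iface in block:
            if local(iface.tag) != "http-interface":
                continue
            realm = iface.get("security-realm")
            factory = iface.get("http-authentication-factory")  # Elytron-style alternative
            if not realm and not factory:
                findings.append("http-interface: no authentication configured")
            elif realm and realm not in declared:
                findings.append(f"http-interface: security-realm {realm!r} is not declared")
    return findings

# Constructed sample modelled on the snippet in the thread; the namespace is a placeholder.
TEMPLATE = """<server xmlns="urn:example:constructed">
  <management>
    <security-realms>
      <security-realm name="ManagementRealm"/>
    </security-realms>
    <management-interfaces>
      <http-interface {attrs}ssl-context="httpsSSC">
        <http-upgrade enabled="true"/>
        <socket-binding http="management-http" https="management-https"/>
      </http-interface>
    </management-interfaces>
  </management>
</server>"""
BEFORE = TEMPLATE.format(attrs="")                                   # unpatched form
AFTER = TEMPLATE.format(attrs='security-realm="ManagementRealm" ')   # patched form

if __name__ == "__main__":
    # Pass the path to a configuration file, or run without arguments on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BEFORE
    problems = audit_management_http(text)
    print("\n".join(problems) or "management http-interface is authenticated")
    sys.exit(1 if problems else 0)
```

The non-zero exit status on a finding lets the check gate a container build or a deployment step.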
