I've read that it's possible to monitor Wildfly with Nagios in links like this one and I also know that there are solutions that provide that service as well.
Does anybody knows how to do that, how to monitor Wildfly with Nagios, any recommendations on how to start? Any reference would be very appreciated.
You can consider using JSON based HTTP management API. Sample plugin (Python based) for JBossAS - standalone mode is available here https://github.com/aparnachaudhary/nagios-plugin-jbossas7. This should also work for WildFly.
Some details about WildFly HTTP Management API can be found here https://docs.jboss.org/author/display/WFLY9/The+HTTP+management+API
Related
I would like to integrate security for WildFly 11 management interfaces (management console, web console) with KeyCloak over the new Elytron subsystem.
I've been looking the latest documentation for Wildfly 11 and there is chapter Using KeyCloak with WildFly Elytron but is unfortunately empty.
I will be really appreciated if someone could give me some advice how to do that.
Keycloak documentation for version 3.4 is very detailed http://www.keycloak.org/docs/latest/securing_apps/index.html#_jboss_adapter - you have to install the adapter for your Elytron subsystem on Wildfly 11 (beware: the CLI is different from the Wildfly 10 version! )
Looks like some missed QAing it... Anyways .. i think this can be your starting points.
https://github.com/ssilvert/wildfly/blob/kcauth/keycloak/KeycloakSetup.txt
More details and concepts can be found in this email thread , http://lists.jboss.org/pipermail/wildfly-dev/2014-June/002230.html . Sorry these are not complete answers but can be a good starting point to your solution.
The documentation was updated with more information on how to use Keycloak to protect Wildfly Administration Console and Management API.
Take a look here https://docs.jboss.org/author/display/WFLY/Protecting+Wildfly+Adminstration+Console+With+Keycloak.
My team and I are currently doing a Worklight mobile project. One of our requirements is to retrieve data from MS CRM and Sharepoint via web service calls. The authentication mechanism that we are to make use of is Kerberos / Spnego.
We followed the instructions documented here, where we inserted the following into our HTTP adapter:
<authentication>
<spnego stripPortOffServiceName="true"/>
</authentication>
In addition, as mentioned in the same IBM site we have included the krb5.conf file into the ../server/conf directory in the project files.
However after invoking the adapter procedure, we encountered an error:
Runtime: Failed to create Kerberos login context
As there are very limited documentation around regarding Worklight working with Kerberos, we were unable to solve this issue. Hence we would like to seek for some help on this community. Is there something that we missed out on?
Unfortunately this type of configuration is not tested often at all and there are no more documentation on this subject matter. This will be discussed to see if documentation and testing can be improved.
The workaround that is currently used (by Desmond) is to continue using NTLM instead.
I'm trying to apply OpenAM to our Web Applications for SSO.
From the last month I got familiar with OpenAM, so I thought that I'm almost getting to the end.
But another constraint has arisen.
One Application has deeper dependency to Winstone Servlet Container, but it's not on OpenAM's Java EE Agents lists.
My solution was 'Using Apache Web Server : Apache+Winstone', but my colleague rejected my suggestion.
Is there any other solution for OpenAM+Winstone?
(I could not find it with Googling. In fact I didn't know Winstone itself until my colleague said that.)
If you don't need J2EE security in your application you could just use the 'servlet-filter' part of the 'J2EE Agent' filter (e.g. Tomcat Agent). You just need to specify a JVM option to point to the boostrap directory and add the agent libs to the classpath.
I would like to know how can I have users for hawt.io when using it in an standalone java app. I believe that you need to define a realm like containers do, but is there any guide or easy way to do this? I just want to protect my hawt.io instance with user and password.
You can use Jetty or Tomcat as the embedded web server to run hawtio standalone. Then you can use their security out of the box. And its just like securing any other WAR web application, eg setup their realm, and setup web.xml stuff.
For example this is done in the Apache ActiveMQ distribution which has an embedded Jetty server for the web consoles and WebSocket support.
I'm trying to export a profile from WAS 6.1 so that I can give it to other members of my team with all of the JNDI and Shared Library configurations in place. I've flowed a few IBM tutorials on this like http://www-01.ibm.com/support/docview.wss?uid=swg21322309 (technically that is more a bug fix, but there is a similar page). I've tried to export the server using the "import" feature of the server in RAD 7. None of these options create a .car file with the resources sticking around.
Does anyone know how to do this?
Thanks,
JPD
Have you tried exporting/importing the WAS configuration using the wsadmin console as described in the following IBM TechNote?
https://www-304.ibm.com/support/docview.wss?uid=swg21207526
Unfortunately, the SIB configuration will be missing from the export -- I'm not sure if it's a bug or a feature, but it's at least mentioned by IBM in their TechNote so you don't have to pull out your hair searching for the problem.