WFLYCTL0369 applicationSSC not available when trying to run enable-elytron-se17.cli in EAP 7.4
Environment
- Red Hat JBoss Enterprise Application Platform (EAP) 7.4
- JDK17
Issue
The enable-elytron-se17.cli script fails because applicationSSC is not defined, for example:
jboss-eap-7.4 $ ./bin/jboss-cli.sh --file=./docs/examples/enable-elytron-se17.cli
INFO: Updating configuration to use elytron
INFO: Adding http-authentication-factory=application-http-authentication to Elytron
{"outcome" => "success"}
INFO: Adding application-security-domain=other to Undertow
{"outcome" => "success"}
INFO: Configuring the Undertow https listener
The batch failed with the following error (you are remaining in the batch editing mode to have a chance to correct the error):
WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:
Step: step-2
Operation: /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context, value=applicationSSC)
Failure: WFLYCTL0369: Required capabilities are not available:
org.wildfly.security.ssl-context.applicationSSC; Possible registration points for this capability:
/subsystem=elytron/server-ssl-context=*
/subsystem=elytron/client-ssl-context=*
/subsystem=elytron/server-ssl-sni-context=*
Resolution
The EAP 7.4 example configurations include applicationSSC, applicationKM and applicationKS. The issue can happen when an older configuration, or one from which these resources were removed, is used. Running these 3 commands adds the configuration needed for enable-elytron-se17.cli to complete successfully:
/subsystem=elytron/key-store=applicationKS:add(credential-reference={clear-text=password},path=application.keystore,relative-to=jboss.server.config.dir,type=JKS)
/subsystem=elytron/key-manager=applicationKM:add(key-store=applicationKS, generate-self-signed-certificate-host=localhost, credential-reference={clear-text=password})
/subsystem=elytron/server-ssl-context=applicationSSC:add(key-manager=applicationKM)
Resulting in these changes:
<subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    ...
    <tls>
        <key-stores>
            <key-store name="applicationKS">
                <credential-reference clear-text="password"/>
                <implementation type="JKS"/>
                <file path="application.keystore" relative-to="jboss.server.config.dir"/>
            </key-store>
        </key-stores>
        <key-managers>
            <key-manager name="applicationKM" key-store="applicationKS" generate-self-signed-certificate-host="localhost">
                <credential-reference clear-text="password"/>
            </key-manager>
        </key-managers>
        <server-ssl-contexts>
            <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
        </server-ssl-contexts>
    </tls>
</subsystem>
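The following check is an added example, not part of the original Red Hat solution. It parses a server configuration file and verifies that the server-ssl-context, key-manager and key-store chain named above is present, and it flags the clear-text credential references and self-signed certificate generation that the example commands introduce. The `audit` function, `ELYTRON_NS` constant and embedded sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
ELYTRON_NS = "{urn:wildfly:elytron:"  # version suffix (13.0 on this page) varies by release

# Constructed sample: the <tls> fragment shown above, in a minimal subsystem element.
SAMPLE = """<subsystem xmlns="urn:wildfly:elytron:13.0"><tls>
 <key-stores><key-store name="applicationKS">
  <credential-reference clear-text="password"/>
  <implementation type="JKS"/>
  <file path="application.keystore" relative-to="jboss.server.config.dir"/>
 </key-store></key-stores>
 <key-managers>
  <key-manager name="applicationKM" key-store="applicationKS"
               generate-self-signed-certificate-host="localhost">
   <credential-reference clear-text="password"/>
  </key-manager>
 </key-managers>
 <server-ssl-contexts>
  <server-ssl-context name="applicationSSC" key-manager="applicationKM"/>
 </server-ssl-contexts>
</tls></subsystem>"""

def audit(xml_text, ssl_context="applicationSSC"):
    """Return (missing, warnings) for the ssl-context -> key-manager -> key-store chain."""
    found = {}  # (element kind, name) -> element, Elytron namespace only
    for el in ET.fromstring(xml_text).iter():
        if el.tag.startswith(ELYTRON_NS) and el.get("name"):
            found[(el.tag.rsplit("}", 1)[1], el.get("name"))] = el
    missing, warnings = [], []
    ssc = found.get(("server-ssl-context", ssl_context))
    if ssc is None:
        return [f"server-ssl-context={ssl_context}"], warnings
    km_name = ssc.get("key-manager")
    km = found.get(("key-manager", km_name))
    if km is None:
        return [f"key-manager={km_name}"], warnings
    ks_name = km.get("key-store")
    ks = found.get(("key-store", ks_name))
    if ks is None:
        missing.append(f"key-store={ks_name}")
    for kind, name, el in (("key-store", ks_name, ks), ("key-manager", km_name, km)):
        if el is not None and any(c.tag.endswith("}credential-reference")
                                  and c.get("clear-text") is not None for c in el):
            warnings.append(f"{kind}={name}: clear-text credential-reference")
    if km.get("generate-self-signed-certificate-host"):
        warnings.append(f"key-manager={km_name}: self-signed certificate generation")
    return missing, warnings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `missing` list corresponds to the WFLYCTL0369 condition described above; the warnings mark settings to replace before the configuration is used outside a test environment.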