WildFly Full 30 Model Reference

A simple security realm definition backed by the filesystem.

Provided capabilities(2)

Name	Dynamic	Other provider points
org.wildfly.security.security-realm	true	/subsystem=elytron/jaas-realm=* /subsystem=elytron/jdbc-realm=* /subsystem=elytron/token-realm=* /subsystem=elytron/ldap-realm=* /subsystem=elytron/distributed-realm=* /subsystem=elytron/key-store-realm=* /subsystem=elytron/failover-realm=* /subsystem=elytron/custom-modifiable-realm=* /subsystem=elytron/identity-realm=* /subsystem=elytron/aggregate-realm=* /subsystem=elytron/properties-realm=* /subsystem=elytron/caching-realm=* /subsystem=elytron/custom-realm=*
org.wildfly.security.modifiable-security-realm	true	/subsystem=elytron/custom-modifiable-realm=* /subsystem=elytron/token-realm=* /subsystem=elytron/ldap-realm=*

Attributes (10)

credential-store The reference to the credential store that contains the secret key to encrypt and decrypt the realm.

Attribute	Value
Capability reference	/subsystem=elytron/credential-store=* /subsystem=elytron/secret-key-credential-store=*
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

encoded Whether the identity names should be stored encoded (Base32) in file names. If encryption is configured, this attribute is ignored.

Attribute	Value
Default Value	true
Type	BOOLEAN
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

hash-charset The character set to use when converting the password string to a byte array.

Attribute	Value
Default Value	UTF-8
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	resource-services

hash-encoding The string format for the password if it is not stored in plain text.

Attribute	Value
Default Value	base64
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	resource-services
Allowed Values	base64 hex

key-store The reference to the key store that contains the key pair to use to verify integrity.

Attribute	Value
Capability reference	/subsystem=elytron/key-store=* /subsystem=elytron/ldap-key-store=* /subsystem=elytron/filtering-key-store=*
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	resource-services

key-store-alias The alias that identifies the PrivateKeyEntry within the key store to use to verify integrity.

Attribute	Value
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

levels The number of levels of directory hashing to apply.

Attribute	Value
Default Value	2
Type	INT
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

path The path to the file containing the realm.

Attribute	Value
Type	STRING
Nillable	false
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

relative-to The pre-defined path the path is relative to.

Attribute	Value
Type	STRING
Nillable	true
Expressions Allowed	false
Storage	configuration
Access Type	read-write
Restart Required	all-services

secret-key The alias of the secret key to encrypt and decrypt the realm.

Attribute	Value
Type	STRING
Nillable	true
Expressions Allowed	true
Storage	configuration
Access Type	read-write
Restart Required	all-services

Operations (10)

add The add operation for the security realm.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
credential-store	STRING	false	true		The reference to the credential store that contains the secret key to encrypt and decrypt the realm.
encoded	BOOLEAN	false	true	true	Whether the identity names should be stored encoded (Base32) in file names. If encryption is configured, this attribute is ignored.
hash-charset	STRING	false	true	UTF-8	The character set to use when converting the password string to a byte array.
hash-encoding	STRING	false	true	base64	The string format for the password if it is not stored in plain text.
key-store	STRING	false	true		The reference to the key store that contains the key pair to use to verify integrity.
key-store-alias	STRING	false	true		The alias that identifies the PrivateKeyEntry within the key store to use to verify integrity.
levels	INT	false	true	2	The number of levels of directory hashing to apply.
secret-key	STRING	false	true		The alias of the secret key to encrypt and decrypt the realm.
path	STRING	true	true		The path to the file containing the realm.
relative-to	STRING	false	false		The pre-defined path the path is relative to.

add-identity Add an identity to a security realm.

Request Parameter Type Required Expressions Allowed Default value Description

identity STRING true false The name of the identity.

add-identity-attribute Add an attribute to an existing identity.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
identity	STRING	true	false		The name of the identity.
name	STRING	true	false		The name of the attribute.
value	LIST	true	false		The value of the attribute.

read-identity Read an identity from a security realm if it exists.

Request Parameter Type Required Expressions Allowed Default value Description

identity STRING true false The name of the identity.
remove The remove operation for the security realm.
remove-identity Remove an identity from a security realm.

Request Parameter Type Required Expressions Allowed Default value Description

identity STRING true false The name of the identity.

remove-identity-attribute Remove an attribute to an existing identity.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
identity	STRING	true	false		The name of the identity.
name	STRING	true	false		The name of the attribute.
value	LIST	false	false		The value of the attribute.

set-password Add a password to an existing identity.

Request Parameter	Type	Required	Expressions Allowed	Default value	Description
identity	STRING	true	false		The name of the identity.
bcrypt	OBJECT	false	false		A password using the Bcrypt algorithm.
clear	OBJECT	false	false		A password in clear text.
simple-digest	OBJECT	false	false		A simple digest password.
salted-simple-digest	OBJECT	false	false		A salted simple digest password.
scram-digest	OBJECT	false	false		A password using the SCRAM digest algorithm.
digest	OBJECT	false	false		A digest password.
otp	OBJECT	false	false		A one-time password, used by the OTP SASL mechanism.

update-key-pair Updates the filesystem realm to make use of the new key pair to verify integrity.
verify-integrity Verify the integrity of the entire filesystem realm.