Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.6.6.Final, 1.12.0.CR1
Affects Version/s: None
Component/s: Authentication Mechanisms
Labels:

Steps to Reproduce:
- Setup elytron ldap on management layer
- enable debug logging on "org.wildfly.security"
- login with but enter incorrect password.
- check server.log
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1376

Trace logging shows:

2020-03-10 13:51:38,549 DEBUG [org.wildfly.security] (management task-1) Found entry [uid=dguthrie,ou=users,dc=example,dc=com].
2020-03-10 13:51:38,550 DEBUG [org.wildfly.security] (management task-1) Identity for principal [dguthrie] found at [uid=dguthrie,ou=users,dc=example,dc=com].
2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Credential direct evidence verification failed. DN: [uid=dguthrie,ou=users,dc=example,dc=com]
2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Context [javax.naming.ldap.InitialLdapContext@25061db2] was closed. Connection closed or just returned to the pool.
2020-03-10 13:51:38,581 TRACE [org.wildfly.security] (management task-1) Handling AuthenticationCompleteCallback: fail
2020-03-10 13:51:38,582 TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified

Where "Credential direct evidence verification failed. DN [uid=dguthrie,ou=users,dc=example,dc=com]" is missing the exception or even a reason.

In DirectEvidenceVerifier.java around line 102 in the Exception handler it has

log.debugf("Credential direct evidence verification failed. DN: [%s]", distinguishedName,e);

In this case, the "e" is the exception, but that parameter position is for the string formatting for which there is no token in the formatter. I believe what they meant to write was:

log.debugf(e, "Credential direct evidence verification failed. DN: [%s]", distinguishedName);

See GitHub

where the first parameter is the exception. A customer is migrating from legacy to elytron, and they have been using the LDAP error codes in the log for their internal IT to help figure out why people failed login. It's also invaluable for support.

is incorporated by

JBEAP-18930 [GSS](7.3.z) ELY-1940 - Elytron LDAP Squashes Authentication Exception

Closed

WFCORE-4871 Upgrade WildFly Elytron to 1.12.0.CR1

Closed

relates to

JBEAP-18917 [GSS](7.2.z) Elytron LDAP Squashes Authentication Exception

Closed

Assignee:: Lin Gao

Reporter:: Lin Gao

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2020/03/12 2:23 AM

Updated:: 2020/03/17 11:21 AM

Resolved:: 2020/03/16 11:46 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates