Type: Bug
Resolution: Done
Priority: Major
Authentication fails when a token-realm is set as the authentication-realm of an aggregate-realm and an ldap-realm is set as the authorization-realm.
It is found that AggregateSecurityRealm#getRealmIdentity obtains the realm identity used for authentication from the JWT realm and the realm identity used for authorization from the LDAP realm. In both cases the BearerTokenEvidence is used to obtain the realm identity. The problem is that the LdapSecurityRealm cannot derive a principal from the BearerTokenEvidence, so the authorization identity is just RealmIdentity.NON_EXISTENT, which results in the "User does not exist" error.
2020-06-11 08:51:06,767 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost' protocol='http'
2020-06-11 08:51:06,769 TRACE [org.wildfly.security] (default task-1) Evidence verification: evidence = org.wildfly.security.evidence.BearerTokenEvidence@2587e47f evidencePrincipal = null
2020-06-11 08:51:06,782 DEBUG [org.wildfly.security] (default task-1) Token is using algorithm [RS256]
2020-06-11 08:51:06,789 DEBUG [org.wildfly.security] (default task-1) Token is using algorithm [RS256]
2020-06-11 08:51:06,792 TRACE [org.wildfly.security] (default task-1) BEARER_TOKEN: org.wildfly.security.http.HttpAuthenticationException: ELY05053: Callback handler failed for unknown reason
at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:161)
... 41 more
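A small Python model of the lookup the report describes, added here and not Elytron's own code: TokenRealm and LdapRealm stand in for the JWT and LDAP realms, aggregate_buggy hands the same BearerTokenEvidence to both realms (the LDAP side can only answer NON_EXISTENT), and aggregate_fixed shows the assumed correction of resolving the authorization identity by the principal the authentication realm returned. The token format and directory contents are constructed for the demo.

```python
import base64
import json

NON_EXISTENT = None  # stand-in for RealmIdentity.NON_EXISTENT

class BearerTokenEvidence:
    def __init__(self, token): self.token = token

def subject_of(token):
    # Decode the JWT payload and return its "sub" claim. The real token realm verifies
    # the RS256 signature before trusting any claim; this model omits that step.
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))["sub"]

class TokenRealm:
    """JWT realm stand-in: resolves an identity from bearer-token evidence only."""
    def get_realm_identity(self, principal=None, evidence=None):
        if evidence is None:
            return NON_EXISTENT
        return {"principal": subject_of(evidence.token), "roles": []}

class LdapRealm:
    """LDAP realm stand-in: resolves by principal only; it cannot read a bearer token."""
    def __init__(self, directory):
        self.directory = directory  # constructed: principal -> roles

    def get_realm_identity(self, principal=None, evidence=None):
        if principal is None or principal not in self.directory:
            return NON_EXISTENT
        return {"principal": principal, "roles": self.directory[principal]}

def aggregate_buggy(authn_realm, authz_realm, evidence):
    """Lookup as the report describes: the same evidence is handed to both realms."""
    authn = authn_realm.get_realm_identity(evidence=evidence)
    authz = authz_realm.get_realm_identity(evidence=evidence)  # LDAP yields NON_EXISTENT
    return authn, authz

def aggregate_fixed(authn_realm, authz_realm, evidence):
    """Assumed correction: authenticate with the evidence, then look the authorization
    identity up by the principal the authentication realm resolved."""
    authn = authn_realm.get_realm_identity(evidence=evidence)
    if authn is NON_EXISTENT:
        return authn, NON_EXISTENT
    return authn, authz_realm.get_realm_identity(principal=authn["principal"])

def make_token(sub):
    # Constructed JWT-shaped token (header.payload.signature) with a placeholder signature.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f'{enc({"alg": "RS256"})}.{enc({"sub": sub})}.placeholder'
```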
is incorporated by
- ELY-2016 Release WildFly Elytron 1.10.8.Final (Resolved)
- WFCORE-5091 Upgrade WildFly Elytron to 1.13.0.Final (Closed)