Uploaded image for project: 'HawtIO'
  1. HawtIO
  2. HAWNG-485

The Hawtio management console does not display a message on the UI when client certificate authentication is rejected

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • 4.1.0
    • 4.0.0-TP1
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      There is a reproducer for A-MQ 7.10, and this is generated and run as follows:

      1. Download a zip from here that creates and setups an A_MQ 7 instance with the client authentication already setup
      2. Download and unzip an A-MQ 7.10 product folder
      3. Change the script env variables:
        1. JAVA_HOME, to point to your JRE or JDK directory
        2. AMQ_HOME, to point to your A-MQ 7.10 product folder 
      4. Run the script
        1.  $ chmod +x TEST-create-broker-and-certs.selfsigned.sh
        2.  $ ./TEST-create-broker-and-certs.selfsigned.sh
      5. The scripts generate a new broker installation, located in folder "server" 
      6. The script prints instructions to reproduce the issue:
        1. Start the broker: server/bin/artemis run
        2. If the certs are regenerated, import client.p12 [password: ad123abc] in browser
        3. Enter https://localhost:8443/console
      Show
      There is a reproducer for A-MQ 7.10, and this is generated and run as follows: Download a zip from here that creates and setups an A_MQ 7 instance with the client authentication already setup Download and unzip an A-MQ 7.10 product folder Change the script env variables: JAVA_HOME, to point to your JRE or JDK directory AMQ_HOME, to point to your A-MQ 7.10 product folder  Run the script  $ chmod +x TEST-create-broker-and-certs.selfsigned.sh  $ ./TEST-create-broker-and-certs.selfsigned.sh The scripts generate a new broker installation, located in folder "server"  The script prints instructions to reproduce the issue: Start the broker: server/bin/artemis run If the certs are regenerated, import client.p12 [password: ad123abc] in browser Enter https://localhost:8443/console

      The Hawtio component does not show any message on the login page, after rejecting authentication from a client certificate. Hawtio only redirects the web browser to the login page, without showing any message.

      However, a message like the following is printed on logs:

       

      11:34:28 WARN {qtp555740147-37} : Login failed due to: No user for client certificate: CN=localhost, OU=Support, O=Red Hat, L=Raleigh, ST=NC, C=US
      

       

      A message should be shown also on the login page, letting the user know that the authentication using a client certificate has been rejected. 

      A document with images showing the process has been uploaded here

        1. screenshot-1.png
          screenshot-1.png
          16 kB
        2. screenshot-2.png
          screenshot-2.png
          52 kB
        3. amq-certificate-login-error.mp4
          641 kB

              Unassigned Unassigned
              rhn-support-anarvaez Alfredo Narvaez
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated: