Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1114080

When trying to authenticate HotRod client against LDAP using SASL DIGEST-MD5 auth, it fails with:

31m18:21:40,265 ERROR [org.infinispan.server.hotrod.HotRodDecoder] (HotRodServerWorker-7-1) ISPN005009: Unexpected error before any request parameters read: io.netty.handler.codec.DecoderException: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
        at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:417) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at org.infinispan.server.core.AbstractProtocolDecoder.channelRead(AbstractProtocolDecoder.scala:471) [infinispan.jar:7.0.0-SNAPSHOT]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:332) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:318) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:125) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:507) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:464) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:378) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:350) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
Caused by: org.infinispan.server.hotrod.HotRodException: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
        at org.infinispan.server.hotrod.HotRodDecoder.createServerException(HotRodDecoder.scala:204) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:118) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.decode(AbstractProtocolDecoder.scala:59) [infinispan.jar:7.0.0-SNAPSHOT]
        at io.netty.handler.codec.ReplayingDecoder.callDecode(ReplayingDecoder.java:362) [netty-all-4.0.20.Final.jar:4.0.20.Final]
        ... 12 more
Caused by: java.lang.IllegalStateException: JBAS015259: No CallbackHandler available for mechanism DIGEST in realm ApplicationRealm
        at org.jboss.as.domain.management.security.SecurityRealmService.getCallbackHandlerService(SecurityRealmService.java:231) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
        at org.jboss.as.domain.management.security.SecurityRealmService.getMechanismConfig(SecurityRealmService.java:128) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
        at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider.getCallbackHandler(EndpointServerAuthenticationProvider.java:54) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:208) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:152) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:148) [infinispan.jar:7.0.0-SNAPSHOT]
        at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:96) [infinispan.jar:7.0.0-SNAPSHOT]
        ... 14 more

When running same test, but using login/passwd store in properties file, everything works. Serve LDAP config:

<security-realms>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <ldap connection="ldap_connection" recursive="true" base-dn="ou=People,dc=infinispan,dc=org">
                        <username-filter attribute="uid" />
                    </ldap>
                </authentication>
                <authorization>
                    <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                </authorization>
            </security-realm>
        </security-realms>
        <outbound-connections>
            <ldap name="ldap_connection" url="ldap://localhost:10389"/>
        </outbound-connections>

relates to

ELY-296 Pass through Digest authentication against LDAP

Open

Assignee:: Unassigned

Reporter:: Vojtech Juranek

Archiver:: Amol Dongare

Created:: 2014/06/27 12:25 PM

Updated:: 2022/03/17 10:50 AM

Resolved:: 2022/03/16 1:15 PM

Archived:: 2024/11/28 6:21 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty