Details
-
Bug
-
Resolution: Done
-
Blocker
-
7.1.0.DR18
-
None
Description
Server rejects DIGEST SASL authentication in some cases when an existing remoting connection is reused. It seems the protocol name is not updated or matched correctly. The root cause of the problem is moreover hidden due to JBEAP-10953.
Clients just get:
Caused by: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication
at org.jboss.remoting3.ConnectionPeerIdentityContext.doAuthenticate(ConnectionPeerIdentityContext.java:340)
at org.jboss.remoting3.ConnectionPeerIdentityContext.authenticate(ConnectionPeerIdentityContext.java:178)
at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:478)
at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:467)
...
The hidden exception stack trace is:
javax.security.sasl.SaslException: ELY05088: [DIGEST-MD5] digest-uri "remote+http/doma" not accepted at org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:239) at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:355) at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180) at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:328) at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58) at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106) at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57) at org.jboss.remoting3.ConnectionImpl.lambda$receiveAuthResponse$3(ConnectionImpl.java:273) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:897) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748)
We hit this problem as an intermittent failure in the AS testsuite.
Attachments
Issue Links
- blocks
-
-
- Verified
-
- is cloned by
-
-
- Resolved
-
