Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11070

Only the last mechanism selector is used in Elytron client configuration

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.ER2
    • 7.1.0.DR18
    • Security
    • None

      When Elytron client configuration file includes sasl-mechanism-selector with string which contains more mechanisms then only the last mentioned mechanism is used. In correct behavior it should use all given mechanisms in given order, see [1].

      In case when the last given mechanism is supported by server then it tries to authenticate, otherwise no mechanism is used to attempt to authenticate.

      For example, following element for selector can be used in Elytron client configuration file:

      <sasl-mechanism-selector selector="PLAIN DIGEST-MD5 ANONYMOUS JBOSS-LOCAL-USER"/>

      When only DIGEST-MD5 is supported by server then it works only if DIGEST-MD5 is the last mechanism in selector string.

      [1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13408238

            jkalina@redhat.com Jan Kalina (Inactive)
            olukas Ondrej Lukas (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: