Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11070

Only the last mechanism selector is used in Elytron client configuration

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.ER2
    • 7.1.0.DR18
    • Security
    • None

    Description

      When Elytron client configuration file includes sasl-mechanism-selector with string which contains more mechanisms then only the last mentioned mechanism is used. In correct behavior it should use all given mechanisms in given order, see [1].

      In case when the last given mechanism is supported by server then it tries to authenticate, otherwise no mechanism is used to attempt to authenticate.

      For example, following element for selector can be used in Elytron client configuration file:

      <sasl-mechanism-selector selector="PLAIN DIGEST-MD5 ANONYMOUS JBOSS-LOCAL-USER"/>

      When only DIGEST-MD5 is supported by server then it works only if DIGEST-MD5 is the last mechanism in selector string.

      [1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13408238

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-1185 Only the last mechanism selector is used in Elytron client configuration

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11067 FAMILY and HASH selectors in Elytron client are parsed incorrectly

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11077 Mechanism names in 'or, 'and', 'eq' or 'if' predicates are not parsed correctly in mechanism selector in Elytron client

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: