In our tests for the PLAIN SASL mechanism in the AS testsuite, we realized that the wrong SaslClient implementation is used. Instead of the Elytron one, the JDK-provided one is used (com.sun.security.sasl.PlainClient).
The Elytron client builds the AuthenticationContext and runs the code in this way:
    AuthenticationConfiguration authnCfg = AuthenticationConfiguration.EMPTY.allowSaslMechanisms(MECHANISM_PLAIN)
            .useName(USERNAME).usePassword("wrongPassword")
            .useDefaultProviders();
    AuthenticationContext.empty().with(MatchRule.ALL, authnCfg).run(...)
It seems to be related to what's included on the classpath. When we use the same code in elytron-client-demo, the correct mechanism is used.
Update:
Remove the following Assume row from AbstractMgmtSaslTestBase.java (currently in https://github.com/wildfly/wildfly-core/pull/2481) as part of the fix:
    Assume.assumeFalse("ELY-1203 - Skipping PLAIN mechanism.", "PLAIN".equals(mechanismName));
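A diagnostic for the provider mix-up described above, added here as an example and not taken from the Elytron or WildFly code base: it lists the globally registered security providers that offer a PLAIN SaslClientFactory, in preference order, and prints the SaslClient class the plain JDK lookup returns on the current classpath. The class name SaslPlainProviderCheck, the credentials, the protocol name and the host are constructed for illustration; the check covers only the JVM-wide provider list, not providers Elytron discovers by other means.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;

public class SaslPlainProviderCheck {
    public static void main(String[] args) throws Exception {
        // Providers registered in the JVM that advertise a PLAIN client factory,
        // returned in preference order (first match wins in the JDK lookup).
        Provider[] providers = Security.getProviders("SaslClientFactory.PLAIN");
        if (providers == null) {
            System.out.println("No registered provider offers SaslClientFactory.PLAIN");
        } else {
            for (Provider p : providers) {
                Provider.Service s = p.getService("SaslClientFactory", "PLAIN");
                System.out.println(p.getName() + " -> "
                        + (s == null ? "(no service entry)" : s.getClassName()));
            }
        }

        // Constructed credentials; creating the client opens no connection.
        CallbackHandler cbh = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName("demoUser");
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword("demoPassword".toCharArray());
                }
            }
        };

        // The JDK lookup: the returned class shows which implementation is picked.
        SaslClient client = Sasl.createSaslClient(new String[] {"PLAIN"}, null,
                "remote", "localhost", Collections.emptyMap(), cbh);
        System.out.println("Selected SaslClient: "
                + (client == null ? "none" : client.getClass().getName()));
        if (client != null) {
            client.dispose();
        }
    }
}
```

Running it once with the testsuite classpath and once with the elytron-client-demo classpath gives a direct comparison of the two environments.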
- is cloned by: ELY-1203 Elytron AuthenticationConfiguration uses SASL mechanism from incorrect security Provider in some cases (Resolved)
- is incorporated by: JBEAP-11223 Upgrade WildFly Elytron to 1.1.0.Beta48 (Closed)
- is related to: JBEAP-11643 Return SASLException for PLAIN mechanism when wrong password is provided (Closed)