Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-1126

Security realm using ldaps hangs forever during SSL handshake, when ldap server is killed

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.0.0.DR12
    • 7.0.0.DR9
    • Security
    • None
    • Hide

      1. Configure security realm using ldaps connection
      2. Try to acces to secured http management interface
      3. Ldap server is killed during SSL handshake
      4. Connection to EAP is not timeouted and waits forever

      Show
      1. Configure security realm using ldaps connection 2. Try to acces to secured http management interface 3. Ldap server is killed during SSL handshake 4. Connection to EAP is not timeouted and waits forever

    Description

      During failover testing we hit the problem of stuck thread. When ldap server is killed in particular time of ssl handshake EAP hangs and waits forever on response, which will never come. Causing thread to block forever. Same problem can be seen in LdapLoginModule using ldaps without specifying com.sun.jndi.ldap.connect.timeout value.

      Possible solution is to add option to declare com.sun.jndi.ldap.connect.timeout for security realm and provide some default non-empty value, e.g. 15 seconds.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-997 Security realm using ldaps hangs forever during SSL handshake, when ldap server is killed

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is related to

          Feature Request - Feature requests from customers and/or users ELY-290 Ensure a sensible default timeout on the LDAP connections

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Bug - A problem that impairs or prevents the functions of the product. WFLY-2214 Allow additional environment properties to be set for outbound LDAP connections used by security realms.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: