Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11288

Elytron sasl-mechanism-selector token #MUTUAL incorrectly requires SSL context

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 7.1.0.ER1
    • 7.1.0.DR19
    • Security
    • None

      Token #MUTUAL should work as follow:
      #MUTUAL - matches all mechanisms which authenticate the server in some way (this might just mean, making the server prove that the server knows the password); currently matches #FAMILY(SCRAM) and #FAMILY(GS2) but may be adjusted in the future as new mechanisms are available. [1]

      However it also incorrectly requires SSL context to be used, in SaslMechanismPredicate.MUTUAL [2] see:

      boolean test(final String mechName, final SSLSession sslSession) {
          return sslSession != null && SaslMechanismInformation.MUTUAL.test(mechName);
      }
      

      SSL context should not be required for #FAMILY(SCRAM) or #FAMILY(GS2).

      [1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13408238
      [2] https://github.com/wildfly-security/wildfly-elytron/blob/03e583dd476dbbdf05e3c852d34e191f181038aa/src/main/java/org/wildfly/security/sasl/SaslMechanismPredicate.java#L185

            fjuma1@redhat.com Farah Juma
            olukas Ondrej Lukas (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: