Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11355

Elytron - Gs2 SASL mechanism fails to retrieve server's GSSCredential

XMLWordPrintable

      Initialization of GS2-KRB5 SASL server fails in constructor.

      Exactly the same configuration which just uses GSSAPI instead of GS2-KRB5 works correctly.

      Setting blocker priority, as this blocks verification and test development for EAP7-530 and EAP7-142.

      Exception from the trace log:

      2017-06-05 14:59:36,209 TRACE [org.jboss.remoting.remote.server] (management I/O-1) Unable to create SaslServer: javax.security.sasl.SaslException: ELY05029: [GS2-KRB5] Unable to create GSSContext [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)]
      	at org.wildfly.security.sasl.gs2.Gs2SaslServer.<init>(Gs2SaslServer.java:91)
      	at org.wildfly.security.sasl.gs2.Gs2SaslServerFactory.createSaslServer(Gs2SaslServerFactory.java:98)
      	at org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory.createSaslServer(SecurityProviderSaslServerFactory.java:80)
      	at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
      	at org.wildfly.security.sasl.util.MechanismProviderFilteringSaslServerFactory.createSaslServer(MechanismProviderFilteringSaslServerFactory.java:59)
      	at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
      	at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:80)
      	at org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory.createSaslServer(FilterMechanismSaslServerFactory.java:88)
      	at org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory.createSaslServer(FilterMechanismSaslServerFactory.java:88)
      	at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
      	at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
      	at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:80)
      	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51)
      	at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72)
      	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74)
      	at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
      	at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48)
      	at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:64)
      	at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48)
      	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:51)
      	at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:59)
      	at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:50)
      	at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54)
      	at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:265)
      	at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:127)
      	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      	at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
      	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
      	at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
      Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
      	at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
      	at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:127)
      	at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
      	at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
      	at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:62)
      	at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154)
      	at org.wildfly.security.sasl.gs2.Gs2SaslServer.<init>(Gs2SaslServer.java:89)
      	... 28 more
      

      I'm attaching server configuration and log.

        1. gs2-krb5-remote.pcapng
          7 kB
        2. server.log
          939 kB
        3. standalone-full.xml
          34 kB

              fjuma1@redhat.com Farah Juma
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: