  1. JBoss Enterprise Application Platform
  2. JBEAP-11935

Invalid credential type is passed to SAML2STSLoginModule

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 7.1.0.ER1
    • Fix Version/s: 7.1.0.ER2
    • Component/s: Security
    • Labels:
      None
    • Target Release:
    • Affects Testing:
      Regression

      Description

      With a PicketLink STS application and an application with an EJB secured by SAML2STSLoginModule, when an EJB client calls the EJB using a SAML token (from the STS) as credentials, the request fails with:

      DEBUG [org.jboss.security] (default task-7) PBOX00206: Login failure: javax.security.auth.login.LoginException: Error handling callback.
      	at org.picketlink.common.DefaultPicketLinkLogger.authErrorHandlingCallback(DefaultPicketLinkLogger.java:1729)
      	at org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule.login(SAML2STSCommonLoginModule.java:329)
      ...
      Caused by: javax.security.auth.login.LoginException: PL00095: Wrong type:SAML2STSLoginModule: Shared credential is not a SAML credential. Got org.jboss.as.security.remoting.RemotingConnectionCredential
      	at org.picketlink.common.DefaultPicketLinkLogger.authSharedCredentialIsNotSAMLCredential(DefaultPicketLinkLogger.java:1708)
      	at org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule.login(SAML2STSCommonLoginModule.java:324)
      	... 48 more
      
      ERROR [org.jboss.as.ejb3.invocation] (default task-7) WFLYEJB0034: EJB Invocation failed on component SecuredEjbBean for method public abstract java.lang.String org.picketlink.test.eap.deployment.sts.client.ejb.SecuredEjb.echoRoleFromStsNeeded(java.lang.String): javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
      	at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69)
      ...
      

      Regression against EAP 7.0. Setting priority to Blocker.

        Attachments

        1. configuration.zip
          13 kB
        2. ejb-test.jar
          3 kB
        3. new-client-properties-server.log
          122 kB
        4. old-client-properties-server.log
          112 kB
        5. picketlink-sts.war
          9 kB

            People

            Assignee:
            pcraveiro Pedro E Silva
            Reporter:
            okotek Ondrej Kotek
            Tester:
            Ondrej Kotek