Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-18600

[GSS](7.3.z) WFCORE-4820 - Error: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN)

    XMLWordPrintable

Details

    • +
    • Hide

      Scenario One

      The minimal steps to reproduce are to add the following entries to the default host.xml and then start domain mode.

                  <security-realm name="ldap_security_realm">
                <authentication>
                    <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
                        <username-filter attribute="samaccountname"/>
                    </ldap>
                </authentication>
            </security-realm>

        <outbound-connections>
            <ldap name="testLdap" url="ldap://localhost:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="passowrd" />
        </outbound-connections>

      This results in the error: -

      [Host Controller] 17:05:25,154 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ldap_security_realm: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ldap_security_realm: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN)
[Host Controller] 	at org.jboss.as.domain.management.security.SecurityRealmService.start(SecurityRealmService.java:226)
[Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)

      Scenario Two

      A second scenario can be triggerd by defining the security realm as: -

                  <security-realm name="ldap_security_realm">
                <server-identities>
                    <ssl>
                        <keystore path="generated.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                    </ssl>
                </server-identities>
                <authentication>
                    <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
                        <username-filter attribute="samaccountname"/>
                    </ldap>
                </authentication>
            </security-realm>

      With the same outbound connection as in the first scenario.

      The management-interfaces should be updated to: -

              <management-interfaces>
            <http-interface security-realm="ldap_security_realm">
                <http-upgrade enabled="true"/>
                <socket interface="management" port="${jboss.management.http.port:9990}"/>
            </http-interface>
        </management-interfaces>

      This results in no clear error.

      [Host Controller] 17:09:12,854 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details.

      This scenario should actually be logging an error similar to the following as the realm is referencing a path which is not defined.

      [Host Controller] 17:08:41,763 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Host Controller]     ("host" => "master"),
[Host Controller]     ("core-service" => "management"),
[Host Controller]     ("security-realm" => "ldap_security_realm")
[Host Controller] ]) - failure description: {
[Host Controller]     "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""],
[Host Controller]     "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"]

      In the last scenario if jboss.server.config.dir is replaced with jboss.domain.config.dir in the realm then the error reported in the first scenario is again reported.

      Show
      Scenario One The minimal steps to reproduce are to add the following entries to the default host.xml and then start domain mode. <security-realm name="ldap_security_realm"> <authentication> <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true"> <username-filter attribute="samaccountname"/> </ldap> </authentication> </security-realm> <outbound-connections> <ldap name="testLdap" url="ldap://localhost:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="passowrd" /> </outbound-connections> This results in the error: - [Host Controller] 17:05:25,154 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ldap_security_realm: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ldap_security_realm: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN) [Host Controller] at org.jboss.as.domain.management.security.SecurityRealmService.start(SecurityRealmService.java:226) [Host Controller] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739) Scenario Two A second scenario can be triggerd by defining the security realm as: - <security-realm name="ldap_security_realm"> <server-identities> <ssl> <keystore path="generated.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> </ssl> </server-identities> <authentication> <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true"> <username-filter attribute="samaccountname"/> </ldap> </authentication> </security-realm> With the same outbound connection as in the first scenario. The management-interfaces should be updated to: - <management-interfaces> <http-interface security-realm="ldap_security_realm"> <http-upgrade enabled="true"/> <socket interface="management" port="${jboss.management.http.port:9990}"/> </http-interface> </management-interfaces> This results in no clear error. [Host Controller] 17:09:12,854 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details. This scenario should actually be logging an error similar to the following as the realm is referencing a path which is not defined. [Host Controller] 17:08:41,763 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ [Host Controller] ("host" => "master"), [Host Controller] ("core-service" => "management"), [Host Controller] ("security-realm" => "ldap_security_realm") [Host Controller] ]) - failure description: { [Host Controller] "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""], [Host Controller] "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"] In the last scenario if jboss.server.config.dir is replaced with jboss.domain.config.dir in the realm then the error reported in the first scenario is again reported.

    Description

      error:
      WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN)
      We get an error with the following ldap configuration. This works for version 17.
      <security-realm name="ldap_security_realm">
      <server-identities>
      <ssl>
      <engine enabled-protocols="TLSv1.2"/>
      <keystore path="/opt/app/workload/jboss/ssl_jboss/psftest2s.jboss.keystore" keystore-password="${VAULT::ssl_cert::password::1}"/>
      </ssl>
      </server-identities>
      <authentication>
      <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
      <username-filter attribute="samaccountname"/>
      </ldap>
      </authentication>
      </security-realm>
      </security-realms>
      <outbound-connections>
      <ldap name="testLdap" url="ldap://its-ad-ldap.it.test.com:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="${VAULT::ldap_searchdn::password::1}" security-realm="ldap_security_realm"/>
      </outbound-connections>
      <management-interfaces>
      <http-interface security-realm="ldap_security_realm">
      <http-upgrade enabled="true"/>
      <socket interface="management" port="${jboss.management.http.port:9990}"/>
      </http-interface>
      </management-interfaces>

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-4820 Error: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-18775 (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              ms2836a Mark Sanchez (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: