Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-18600

[GSS](7.3.z) WFCORE-4820 - Error: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN)

XMLWordPrintable

    • +
    • Hide

      Scenario One

      The minimal steps to reproduce are to add the following entries to the default host.xml and then start domain mode.

                  <security-realm name="ldap_security_realm">
                      <authentication>
                          <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
                              <username-filter attribute="samaccountname"/>
                          </ldap>
                      </authentication>
                  </security-realm>
      
              <outbound-connections>
                  <ldap name="testLdap" url="ldap://localhost:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="passowrd" />
              </outbound-connections>
      

      This results in the error: -

      [Host Controller] 17:05:25,154 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ldap_security_realm: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ldap_security_realm: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN)
      [Host Controller] 	at org.jboss.as.domain.management.security.SecurityRealmService.start(SecurityRealmService.java:226)
      [Host Controller] 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
      

      Scenario Two

      A second scenario can be triggerd by defining the security realm as: -

                  <security-realm name="ldap_security_realm">
                      <server-identities>
                          <ssl>
                              <keystore path="generated.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                          </ssl>
                      </server-identities>
                      <authentication>
                          <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
                              <username-filter attribute="samaccountname"/>
                          </ldap>
                      </authentication>
                  </security-realm>
      

      With the same outbound connection as in the first scenario.

      The management-interfaces should be updated to: -

              <management-interfaces>
                  <http-interface security-realm="ldap_security_realm">
                      <http-upgrade enabled="true"/>
                      <socket interface="management" port="${jboss.management.http.port:9990}"/>
                  </http-interface>
              </management-interfaces>
      

      This results in no clear error.

      [Host Controller] 17:09:12,854 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details.
      

      This scenario should actually be logging an error similar to the following as the realm is referencing a path which is not defined.

      [Host Controller] 17:08:41,763 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Host Controller]     ("host" => "master"),
      [Host Controller]     ("core-service" => "management"),
      [Host Controller]     ("security-realm" => "ldap_security_realm")
      [Host Controller] ]) - failure description: {
      [Host Controller]     "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""],
      [Host Controller]     "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"]
      

      In the last scenario if jboss.server.config.dir is replaced with jboss.domain.config.dir in the realm then the error reported in the first scenario is again reported.

      Show
      Scenario One The minimal steps to reproduce are to add the following entries to the default host.xml and then start domain mode. <security-realm name="ldap_security_realm"> <authentication> <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true"> <username-filter attribute="samaccountname"/> </ldap> </authentication> </security-realm> <outbound-connections> <ldap name="testLdap" url="ldap://localhost:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="passowrd" /> </outbound-connections> This results in the error: - [Host Controller] 17:05:25,154 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ldap_security_realm: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ldap_security_realm: WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN) [Host Controller] at org.jboss.as.domain.management.security.SecurityRealmService.start(SecurityRealmService.java:226) [Host Controller] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739) Scenario Two A second scenario can be triggerd by defining the security realm as: - <security-realm name="ldap_security_realm"> <server-identities> <ssl> <keystore path="generated.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> </ssl> </server-identities> <authentication> <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true"> <username-filter attribute="samaccountname"/> </ldap> </authentication> </security-realm> With the same outbound connection as in the first scenario. The management-interfaces should be updated to: - <management-interfaces> <http-interface security-realm="ldap_security_realm"> <http-upgrade enabled="true"/> <socket interface="management" port="${jboss.management.http.port:9990}"/> </http-interface> </management-interfaces> This results in no clear error. [Host Controller] 17:09:12,854 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details. This scenario should actually be logging an error similar to the following as the realm is referencing a path which is not defined. [Host Controller] 17:08:41,763 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ [Host Controller] ("host" => "master"), [Host Controller] ("core-service" => "management"), [Host Controller] ("security-realm" => "ldap_security_realm") [Host Controller] ]) - failure description: { [Host Controller] "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""], [Host Controller] "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"] In the last scenario if jboss.server.config.dir is replaced with jboss.domain.config.dir in the realm then the error reported in the first scenario is again reported.

      error:
      WFLYDM0042: Multiple CallbackHandlerServices for the same mechanism (PLAIN)
      We get an error with the following ldap configuration. This works for version 17.
      <security-realm name="ldap_security_realm">
      <server-identities>
      <ssl>
      <engine enabled-protocols="TLSv1.2"/>
      <keystore path="/opt/app/workload/jboss/ssl_jboss/psftest2s.jboss.keystore" keystore-password="${VAULT::ssl_cert::password::1}"/>
      </ssl>
      </server-identities>
      <authentication>
      <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
      <username-filter attribute="samaccountname"/>
      </ldap>
      </authentication>
      </security-realm>
      </security-realms>
      <outbound-connections>
      <ldap name="testLdap" url="ldap://its-ad-ldap.it.test.com:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="${VAULT::ldap_searchdn::password::1}" security-realm="ldap_security_realm"/>
      </outbound-connections>
      <management-interfaces>
      <http-interface security-realm="ldap_security_realm">
      <http-upgrade enabled="true"/>
      <socket interface="management" port="${jboss.management.http.port:9990}"/>
      </http-interface>
      </management-interfaces>

            rhn-support-ivassile Ilia Vassilev
            ms2836a Mark Sanchez (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: