
[GSS](7.2.z) Elytron LDAP Squashes Authentication Exception

Description

      Trace logging shows:

      2020-03-10 13:51:38,549 DEBUG [org.wildfly.security] (management task-1) Found entry [uid=dguthrie,ou=users,dc=example,dc=com].
      2020-03-10 13:51:38,550 DEBUG [org.wildfly.security] (management task-1) Identity for principal [dguthrie] found at [uid=dguthrie,ou=users,dc=example,dc=com].
      2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Credential direct evidence verification failed. DN: [uid=dguthrie,ou=users,dc=example,dc=com]
      2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Context [javax.naming.ldap.InitialLdapContext@25061db2] was closed. Connection closed or just returned to the pool.
      2020-03-10 13:51:38,581 TRACE [org.wildfly.security] (management task-1) Handling AuthenticationCompleteCallback: fail
      2020-03-10 13:51:38,582 TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified
      

      Where "Credential direct evidence verification failed. DN [uid=dguthrie,ou=users,dc=example,dc=com]" is missing the exception or even a reason.

      In DirectEvidenceVerifier.java around line 102 in the Exception handler it has

      log.debugf("Credential direct evidence verification failed. DN: [%s]", distinguishedName,e);
      

      In this case, the "e" is the exception, but that parameter position is for the string formatting for which there is no token in the formatter. I believe what they meant to write was:

      log.debugf(e, "Credential direct evidence verification failed. DN: [%s]", distinguishedName);
      

      See GitHub

      where the first parameter is the exception. A customer is migrating from legacy to elytron, and they have been using the LDAP error codes in the log for their internal IT to help figure out why people failed login. It's also invaluable for support.
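      The overload mix-up above, shown side by side as an added example (this is not EAP or Elytron code). It assumes jboss-logging is on the classpath and that DEBUG is enabled for the example's logger category; the class, the bindAs stand-in for the LDAP bind, and the LDAP error message are constructed for illustration.

```java
import org.jboss.logging.Logger;

import javax.naming.AuthenticationException;

// Added example, not project code: why the exception vanishes when it is passed as a
// trailing format argument instead of as the first parameter of debugf.
public class EvidenceLoggingExample {

    private static final Logger log = Logger.getLogger(EvidenceLoggingExample.class);

    // Stand-in for the LDAP bind that the verifier performs; the message text is constructed
    // to resemble the "error code" detail operators rely on when diagnosing failed logins.
    private static void bindAs(String dn) throws AuthenticationException {
        throw new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]");
    }

    // Mirrors the reported line: the Throwable lands in the format argument list.
    public static void verifyBroken(String dn) {
        try {
            bindAs(dn);
        } catch (AuthenticationException e) {
            // Resolves to debugf(String format, Object... params). Only one %s exists, so the
            // second argument (the exception) is never rendered: no reason, no stack trace.
            log.debugf("Credential direct evidence verification failed. DN: [%s]", dn, e);
        }
    }

    // Mirrors the proposed fix: Throwable first, then the format and its arguments.
    public static void verifyFixed(String dn) {
        try {
            bindAs(dn);
        } catch (AuthenticationException e) {
            // Resolves to debugf(Throwable t, String format, Object... params). The exception is
            // attached to the log record, so the LDAP error code and stack trace appear at DEBUG.
            log.debugf(e, "Credential direct evidence verification failed. DN: [%s]", dn);
        }
    }

    public static void main(String[] args) {
        String dn = "uid=dguthrie,ou=users,dc=example,dc=com";
        verifyBroken(dn); // message only, cause lost
        verifyFixed(dn);  // message plus "javax.naming.AuthenticationException: [LDAP: error code 49 ...]"
    }
}
```

      Because jboss-logging delegates to whatever backend is configured (the EAP logging subsystem, or java.util.logging when run standalone), the DEBUG records are only visible if that backend's level for the example's category is lowered to DEBUG; the difference between the two methods is then the presence or absence of the exception under the second message.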

      People

        rhn-engineering-lgao Lin Gao
        rhn-support-dguthrie David Guthrie