-
Bug
-
Resolution: Done
-
Major
-
7.3.0.CD18, 7.2.6.GA
-
-
-
-
-
-
-
-
- Setup elytron ldap on management layer
- enable debug logging on "org.wildfly.security"
- login with but enter incorrect password.
- check server.log
Trace logging shows:
2020-03-10 13:51:38,549 DEBUG [org.wildfly.security] (management task-1) Found entry [uid=dguthrie,ou=users,dc=example,dc=com].
2020-03-10 13:51:38,550 DEBUG [org.wildfly.security] (management task-1) Identity for principal [dguthrie] found at [uid=dguthrie,ou=users,dc=example,dc=com].
2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Credential direct evidence verification failed. DN: [uid=dguthrie,ou=users,dc=example,dc=com]
2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Context [javax.naming.ldap.InitialLdapContext@25061db2] was closed. Connection closed or just returned to the pool.
2020-03-10 13:51:38,581 TRACE [org.wildfly.security] (management task-1) Handling AuthenticationCompleteCallback: fail
2020-03-10 13:51:38,582 TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified
Where "Credential direct evidence verification failed. DN [uid=dguthrie,ou=users,dc=example,dc=com]" is missing the exception or even a reason.
In DirectEvidenceVerifier.java around line 102 in the Exception handler it has
log.debugf("Credential direct evidence verification failed. DN: [%s]", distinguishedName,e);
In this case, the "e" is the exception, but that parameter position is for the string formatting for which there is no token in the formatter. I believe what they meant to write was:
log.debugf(e, "Credential direct evidence verification failed. DN: [%s]", distinguishedName);
See GitHub
where the first parameter is the exception. A customer is migrating from legacy to elytron, and they have been using the LDAP error codes in the log for their internal IT to help figure out why people failed login. It's also invaluable for support.
- clones
-
JBEAP-18930 [GSS](7.3.z) ELY-1940 - Elytron LDAP Squashes Authentication Exception
- Closed
- is incorporated by
-
JBEAP-18931 [GSS](7.2.z) Upgrade WildFly Elytron from 1.6.5.Final-redhat-00001 to 1.6.6.Final-redhat-00001
- Closed
- is related to
-
ELY-1940 Elytron LDAP Squashes Authentication Exception
- Resolved
- links to