-
Bug
-
Resolution: Done
-
Major
-
7.2.9.GA, 7.3.2.GA
When configuring a certificate login setup with elytron it doesn't work if the certificate is sent using the certificate-forwarding and proxy-address-forwarding. When there is an web proxy in front of the EAP server and forwarding is activated the following exception is received:
2020-09-14 16:46:37,998 TRACE [org.wildfly.security] (default task-1) CLIENT_CERT: org.wildfly.security.http.HttpAuthenticationException: ELY05053: Callback handler failed for unknown reason at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160) at org.wildfly.security.http.cert.ClientCertAuthenticationMechanism.attemptAuthentication(ClientCertAuthenticationMechanism.java:151) at org.wildfly.security.http.cert.ClientCertAuthenticationMechanism.evaluateRequest(ClientCertAuthenticationMechanism.java:94) at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:119) at org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:85) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:270) at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:249) at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:97) at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:96) ... Caused by: java.lang.IllegalStateException: ELY01000: Authentication name was already set on this context at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.setPrincipal(ServerAuthenticationContext.java:2025) at org.wildfly.security.auth.server.ServerAuthenticationContext.setAuthenticationPrincipal(ServerAuthenticationContext.java:409) at org.wildfly.security.auth.server.ServerAuthenticationContext.setAuthenticationName(ServerAuthenticationContext.java:383) at org.wildfly.security.auth.server.ServerAuthenticationContext.setAuthenticationName(ServerAuthenticationContext.java:367) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:870) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:851) at org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:121) at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156) ... 44 more
- clones
-
WFLY-13876 Test for key-store certificate realm login (test for ELY-2023)
- Closed
- incorporates
-
ELY-2023 Elytron ClientCertAuthenticationMechanism does not work when using a web proxy
- Resolved
- is caused by
-
ELY-2023 Elytron ClientCertAuthenticationMechanism does not work when using a web proxy
- Resolved
- is incorporated by
-
JBEAP-20376 (7.3.z) Upgrade WildFly Elytron from 1.10.9.Final-redhat-00001 to 1.10.10.Final-redhat
- Closed