Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.3.5.GA, 7.3.5.CR1
Affects Version/s: None
Component/s: Security
Labels:
- test_included

Blocked:
False
Ready:
False
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
QE Test Coverage:
+
Release Note Text:
Undefined
Target Release:

7.3.z.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/1460
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When using a CachingSecurityRealm with identities with multiple SCRAM passwords, an NPE happens when attempting to obtain credentials for those identities.
This is caused by the fact that IdentityCredentials.Many uses strict matching between algorithm requires a strict match between algorithmName and parameterSpec whereas One and Two accept "loose" matches when those are null.

org.wildfly.security.auth.server.IdentityCredentials$Many.getCredential(IdentityCredentials.java:705
org.infinispan.server.security.realm.CachingSecurityRealm.getCredential(CachingSecurityRealm.java:154
org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.getCredential(ServerAuthenticationContext.java:1982
org.wildfly.security.auth.server.ServerAuthenticationContext.getCredential(ServerAuthenticationContext.java:660
org.wildfly.security.auth.server.ServerAuthenticationContext.handleOne(ServerAuthenticationContext.java:972
org.wildfly.security.auth.server.ServerAuthenticationContext.handle(ServerAuthenticationContext.java:867
org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer(TrustManagerSaslServerFactory.java:101
org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156
org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:83
org.wildfly.security.mechanism.scram.ScramServer.evaluateInitialResponse(ScramServer.java:207
org.wildfly.security.sasl.scram.ScramSaslServer.evaluateMessage(ScramSaslServer.java:84
org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219
org.wildfly.security.sasl.util.AbstractSaslServer.evaluateResponse(AbstractSaslServer.java:82
org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58
org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110
org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.evaluateResponse(SecurityIdentitySaslServerFactory.java:59
org.infinispan.server.core.security.SubjectSaslServer.evaluateResponse(SubjectSaslServer.java:39
org.infinispan.server.hotrod.Authentication.authInternal(Authentication.java:90
org.infinispan.server.hotrod.Authentication.lambda$auth(Authentication.java:77
org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35
org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486
org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377
java.base/java.lang.Thread.run(Thread.java:83)

clones

ELY-2031 NullPointerException when using CachingSecurityRealm with SCRAM algorithms

Resolved

is incorporated by

JBEAP-20376 (7.3.z) Upgrade WildFly Elytron from 1.10.9.Final-redhat-00001 to 1.10.10.Final-redhat

Closed

Assignee:: Ilia Vassilev

Reporter:: Ilia Vassilev

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2020/10/28 11:08 AM

Updated:: 2024/08/27 1:48 PM

Resolved:: 2020/11/25 9:34 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates