Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
False
-
False
-
+
-
Undefined
Description
When using a CachingSecurityRealm with identities with multiple SCRAM passwords, an NPE happens when attempting to obtain credentials for those identities.
This is caused by the fact that IdentityCredentials.Many uses strict matching between algorithm requires a strict match between algorithmName and parameterSpec whereas One and Two accept "loose" matches when those are null.
org.wildfly.security.auth.server.IdentityCredentials$Many.getCredential(IdentityCredentials.java:705 org.infinispan.server.security.realm.CachingSecurityRealm.getCredential(CachingSecurityRealm.java:154 org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.getCredential(ServerAuthenticationContext.java:1982 org.wildfly.security.auth.server.ServerAuthenticationContext.getCredential(ServerAuthenticationContext.java:660 org.wildfly.security.auth.server.ServerAuthenticationContext.handleOne(ServerAuthenticationContext.java:972 org.wildfly.security.auth.server.ServerAuthenticationContext.handle(ServerAuthenticationContext.java:867 org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer(TrustManagerSaslServerFactory.java:101 org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156 org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:83 org.wildfly.security.mechanism.scram.ScramServer.evaluateInitialResponse(ScramServer.java:207 org.wildfly.security.sasl.scram.ScramSaslServer.evaluateMessage(ScramSaslServer.java:84 org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219 org.wildfly.security.sasl.util.AbstractSaslServer.evaluateResponse(AbstractSaslServer.java:82 org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58 org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110 org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.evaluateResponse(SecurityIdentitySaslServerFactory.java:59 org.infinispan.server.core.security.SubjectSaslServer.evaluateResponse(SubjectSaslServer.java:39 org.infinispan.server.hotrod.Authentication.authInternal(Authentication.java:90 org.infinispan.server.hotrod.Authentication.lambda$auth(Authentication.java:77 org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35 org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982 org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486 org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377 java.base/java.lang.Thread.run(Thread.java:83)
Attachments
Issue Links
- clones
-
-
- Resolved
-
- is incorporated by
-
JBEAP-20376 (7.3.z) Upgrade WildFly Elytron from 1.10.9.Final-redhat-00001 to 1.10.10.Final-redhat
-
- Closed
-