Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8172

Remote JNDI lookup doesn't work through DIGEST-MD5

XMLWordPrintable

    • Regression
    • Hide

      Unzip attached reproducer.zip
      ./reproducer/run.sh

      Show
      Unzip attached reproducer.zip ./reproducer/run.sh

      If client and server are located on different machines, DIGEST-MD5 is used for the authentication. The problem is that the authentication fails if client tries to do JNDI lookup. I can see following exception:

      javax.naming.CommunicationException: WFNAM00018: Failed to connect to remote host [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: [JBOSS-LOCAL-USER] Failed to read challenge file [Caused by java.io.FileNotFoundException: /opt/jboss-eap/standalone/tmp/auth/local9166335689117677976.challenge (No such file or directory)]
   DIGEST-MD5: javax.security.sasl.SaslException: ELY05053: [DIGEST-MD5] Callback handler failed for unknown reason [Caused by org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.sasl.RealmCallback@7633ad2e]]
	at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110)
	at org.wildfly.naming.client.remote.RemoteContext.lookupNative(RemoteContext.java:91)
	at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:78)
	at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:64)
	at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:123)
	at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:113)
	at javax.naming.InitialContext.lookup(InitialContext.java:417)
	at org.jboss.as.quickstarts.jms.HelloWorldJMSClient.main(HelloWorldJMSClient.java:62)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: [JBOSS-LOCAL-USER] Failed to read challenge file [Caused by java.io.FileNotFoundException: /opt/jboss-eap/standalone/tmp/auth/local9166335689117677976.challenge (No such file or directory)]
   DIGEST-MD5: javax.security.sasl.SaslException: ELY05053: [DIGEST-MD5] Callback handler failed for unknown reason [Caused by org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.sasl.RealmCallback@7633ad2e]
	at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:110)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:393)
	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:239)
	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
	at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
	at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
	at ...asynchronous invocation...(Unknown Source)
	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:466)
	at org.jboss.remoting3.FutureConnection.connect(FutureConnection.java:113)
	at org.jboss.remoting3.FutureConnection.init(FutureConnection.java:75)
	at org.jboss.remoting3.FutureConnection.get(FutureConnection.java:151)
	at org.jboss.remoting3.EndpointImpl.getConnection(EndpointImpl.java:422)
	at org.jboss.remoting3.UncloseableEndpoint.getConnection(UncloseableEndpoint.java:57)
	at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:105)
	at org.wildfly.naming.client.remote.RemoteNamingProvider.lambda$new$0(RemoteNamingProvider.java:68)
	at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentity(RemoteNamingProvider.java:126)
	at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:108)
	... 13 more

      You can reproduce this issue using by attached reproducer.

      Blocker priority was set, because standalone clients are not able to work properly and there isn't any known workaround.

      Customer impact: standalone clients are not able to do JNDI lookup if they are located on different server than EAP.

        1. reproducer.zip
          47 kB

              dlloyd@redhat.com David Lloyd
              eduda_jira Erich Duda (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: