  1. JBoss Enterprise Application Platform
  2. JBEAP-8172

Remote JNDI lookup doesn't work through DIGEST-MD5

Details

    • Regression
      Unzip attached reproducer.zip
      ./reproducer/run.sh
    Description

      If the client and server are located on different machines, DIGEST-MD5 is used for authentication. The problem is that authentication fails if the client tries to do a JNDI lookup. I can see the following exception:

      javax.naming.CommunicationException: WFNAM00018: Failed to connect to remote host [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
         JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: [JBOSS-LOCAL-USER] Failed to read challenge file [Caused by java.io.FileNotFoundException: /opt/jboss-eap/standalone/tmp/auth/local9166335689117677976.challenge (No such file or directory)]
         DIGEST-MD5: javax.security.sasl.SaslException: ELY05053: [DIGEST-MD5] Callback handler failed for unknown reason [Caused by org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.sasl.RealmCallback@7633ad2e]]
      	at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110)
      	at org.wildfly.naming.client.remote.RemoteContext.lookupNative(RemoteContext.java:91)
      	at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:78)
      	at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:64)
      	at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:123)
      	at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:113)
      	at javax.naming.InitialContext.lookup(InitialContext.java:417)
      	at org.jboss.as.quickstarts.jms.HelloWorldJMSClient.main(HelloWorldJMSClient.java:62)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
         JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: [JBOSS-LOCAL-USER] Failed to read challenge file [Caused by java.io.FileNotFoundException: /opt/jboss-eap/standalone/tmp/auth/local9166335689117677976.challenge (No such file or directory)]
         DIGEST-MD5: javax.security.sasl.SaslException: ELY05053: [DIGEST-MD5] Callback handler failed for unknown reason [Caused by org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.sasl.RealmCallback@7633ad2e]
      	at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:110)
      	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:393)
      	at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:239)
      	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      	at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
      	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
      	at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
      	at ...asynchronous invocation...(Unknown Source)
      	at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:466)
      	at org.jboss.remoting3.FutureConnection.connect(FutureConnection.java:113)
      	at org.jboss.remoting3.FutureConnection.init(FutureConnection.java:75)
      	at org.jboss.remoting3.FutureConnection.get(FutureConnection.java:151)
      	at org.jboss.remoting3.EndpointImpl.getConnection(EndpointImpl.java:422)
      	at org.jboss.remoting3.UncloseableEndpoint.getConnection(UncloseableEndpoint.java:57)
      	at org.jboss.remoting3.Endpoint.getConnection(Endpoint.java:105)
      	at org.wildfly.naming.client.remote.RemoteNamingProvider.lambda$new$0(RemoteNamingProvider.java:68)
      	at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentity(RemoteNamingProvider.java:126)
      	at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:108)
      	... 13 more
      

      You can reproduce this issue using the attached reproducer.

      Blocker priority was set, because standalone clients are not able to work properly and there isn't any known workaround.

      Customer impact: standalone clients are not able to do a JNDI lookup if they are located on a different server than EAP.
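
      The trace above shows DIGEST-MD5 failing because the client callback handler rejected a RealmCallback. The following is an added example, not code from the reproducer or from the project: it uses the JDK's built-in DIGEST-MD5 SASL client (not Elytron's) to show that a handler answering only name and password callbacks fails at the same step, while one that also answers RealmCallback produces a response. The class name, host name, realm, nonce and credentials are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

public class DigestRealmCallbackDemo {
    // Constructed first server challenge in RFC 2831 syntax; realm and nonce are sample values.
    static final byte[] CHALLENGE =
        "realm=\"ExampleRealm\",nonce=\"c2FtcGxlLW5vbmNl\",qop=\"auth\",charset=utf-8,algorithm=md5-sess"
            .getBytes(StandardCharsets.UTF_8);

    // Handler with constructed credentials; it answers RealmCallback only when handleRealm is true.
    static CallbackHandler handler(boolean handleRealm) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName("demoUser");
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword("demoPassword".toCharArray());
                } else if (cb instanceof RealmCallback && handleRealm) {
                    RealmCallback rcb = (RealmCallback) cb;
                    rcb.setText(rcb.getDefaultText()); // accept the realm the server offered
                } else {
                    throw new UnsupportedCallbackException(cb); // same failure class as in the trace
                }
            }
        };
    }

    // Runs the client side of the first DIGEST-MD5 step against the constructed challenge.
    static String attempt(boolean handleRealm) {
        try {
            SaslClient client = Sasl.createSaslClient(new String[] {"DIGEST-MD5"}, null,
                "remote", "eap.example.test", null, handler(handleRealm));
            byte[] response = client.evaluateChallenge(CHALLENGE);
            return "response built: " + new String(response, StandardCharsets.UTF_8);
        } catch (SaslException e) {
            return "failed: " + e.getMessage() + " (cause: " + e.getCause() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("without RealmCallback support -> " + attempt(false));
        System.out.println("with RealmCallback support    -> " + attempt(true));
    }
}
```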

            People

              dlloyd@redhat.com David Lloyd
              eduda_jira Erich Duda (Inactive)