Loading...

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 7.1.0.DR12
Affects Version/s: 7.1.0.DR10
Component/s: Security
Labels:
None

Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

Run EAP 7.1.0 DR10 on a remote server with management interface available remotely.

Then run demo elytron client against the remote server IP:

git clone -b eap710dr10 git@github.com:jboss-security-qe/elytron-client-demo.git cd elytron-client-demo mvn package exec:java -Dhostname=172.17.0.2
Show
Run EAP 7.1.0 DR10 on a remote server with management interface available remotely. Then run demo elytron client against the remote server IP: git clone -b eap710dr10 git@github.com:jboss-security-qe/elytron-client-demo.git cd elytron-client-demo mvn package exec:java -Dhostname=172.17.0.2

SFDC Cases Counter:
SFDC Cases Links:

Description

Running Elytron management client demo (https://github.com/jboss-security-qe/elytron-client-demo) with default client configuration (wildfly-config.xml not provided by user) results in following exception as the username and password are not provided:

>>> Demo - default AuthenticationContext (from wildfly-config)
Executing Operation

{
    "operation" => "whoami",
    "verbose" => "true"
}   
java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://172.17.0.2:9990. The connection failed
        at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:149)
        at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:75)
        at org.wildfly.security.elytron.SimpleClient$1.run(SimpleClient.java:56)
        at org.wildfly.security.elytron.SimpleClient.main(SimpleClient.java:68)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://172.17.0.2:9990. The connection failed
        at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:127)
        at org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
        at org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
        at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:162)
        at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:135)
        at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:59)
        at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
        at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
        at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
        at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
        at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
        ... 9 more
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
   DIGEST-MD5: javax.security.sasl.SaslException: ELY05053: [DIGEST-MD5] Callback handler failed for unknown reason [Caused by org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.sasl.RealmCallback@5c7d4e5a]
        at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:110)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:393)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:239)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
        at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
        at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
        at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
        at ...asynchronous invocation...(Unknown Source)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:466)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:437)
        at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:430)
        at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:163)
        at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:119)
        ... 19 more

The cause exception for DIGEST-MD5 authentication is misleading. It wrongly says

Caused by org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.sasl.RealmCallback@5c7d4e5a

This results in hard-to-find configuration issues.
A correct exception type or a correct message should be used here - something about missing authentication properties for DIGEST-MD5: username, password.

Attachments

Issue Links

incorporates

JBEAP-9490 [GSS](7.1.0) standalone.sh can hang on gc log back up moves

Verified

Wrong cause exception type for failed DIGEST-MD5 authentication

Details

Description

Attachments

Issue Links

Activity

People

Dates