Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9030

JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism

    XMLWordPrintable

Details

    • Hide

      These steps work correctly with EAP 7.1.0.DR11, but fail with EAP 7.1.0.DR12:
      1) Add user - add following line to standalone/configuration/mgmt-users.properties

      user1=pass@123

      2) Configure application server:

      /subsystem=elytron/sasl-authentication-factory=elytronSaslAuthnFactory:add(security-domain=ManagementDomain,sasl-server-factory=global,mechanism-configurations=[{mechanism-name=PLAIN}])
/subsystem=elytron/properties-realm=ManagementRealm:write-attribute(name=users-properties.plain-text,value=true)

      3) Change http-interface to following:

      <http-interface http-authentication-factory="management-http-authentication">
    <http-upgrade enabled="true" sasl-authentication-factory="elytronSaslAuthnFactory"/>
    <socket-binding http="management-http"/>
</http-interface>

      4) try to authenticate to jboss CLI:

      ./jboss-cli.sh -c -u=user1 -p=pass@123 --no-local-auth
Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: JBREM000202: Abrupt close on Remoting connection 25b770fb to localhost/127.0.0.1:9990 of endpoint "cli-client" <5a992706>
      Show
      These steps work correctly with EAP 7.1.0.DR11, but fail with EAP 7.1.0.DR12: 1) Add user - add following line to standalone/configuration/mgmt-users.properties user1=pass@123 2) Configure application server: /subsystem=elytron/sasl-authentication-factory=elytronSaslAuthnFactory:add(security-domain=ManagementDomain,sasl-server-factory=global,mechanism-configurations=[{mechanism-name=PLAIN}]) /subsystem=elytron/properties-realm=ManagementRealm:write-attribute(name=users-properties.plain-text,value= true ) 3) Change http-interface to following: <http- interface http-authentication-factory= "management-http-authentication" > <http-upgrade enabled= " true " sasl-authentication-factory= "elytronSaslAuthnFactory" /> <socket-binding http= "management-http" /> </http- interface > 4) try to authenticate to jboss CLI: ./jboss-cli.sh -c -u=user1 -p=pass@123 --no-local-auth Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http: //localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: JBREM000202: Abrupt close on Remoting connection 25b770fb to localhost/127.0.0.1:9990 of endpoint "cli-client" <5a992706>

    Description

      In case when PLAIN mechanism is used for Elytron SASL factories used by any of management-interfaces then JBoss CLI is not able to connect to the server. This issue happens with http-interface as well as native-interface. See Steps to Reproduce for more details.

      This feature works correctly in EAP 7.1.0.DR11.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9059 PLAIN mechanism does not work with WildFlyElytronProvider for AuthenticationConfiguration

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2380 JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-10508 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta21

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10614 Elytron, all http mechanisms handled on each request.

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10074 Make SASL authentication attempts count configurable.

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: