-
Bug
-
Resolution: Done
-
Blocker
-
7.1.0.DR14
User impact: User can't configure kerberos authentication in DR14 with Elytron
Workaround: There is no workaround
Regression against DR13.
Description:
If I try command which worked previously I get error
[standalone@localhost:9990 /] /subsystem=elytron/kerberos-security-factory=a:add(principal=HTTP/localhost@JBOSS.ORG, path=/somewhere, mechanism-oids=["1.2.840.113554.1.2.2","1.3.6.1.5.5.2"]) { "outcome" => "failed", "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException", "rolled-back" => true }
In server.log there is this stacktrace
15:00:53,476 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 4) WFLYCTL0013: Operation ("add") failed - address: ([ ("subsystem" => "elytron"), ("kerberos-security-factory" => "a") ]): java.lang.IllegalArgumentException at org.jboss.dmr.ModelValue.asPropertyList(ModelValue.java:103) at org.jboss.dmr.ModelNode.asPropertyList(ModelNode.java:503) at org.wildfly.extension.elytron.KerberosSecurityFactoryDefinition$2.getValueSupplier(KerberosSecurityFactoryDefinition.java:168) at org.wildfly.extension.elytron.TrivialAddHandler.performRuntime(TrivialAddHandler.java:77) at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151) at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:979) at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:722) at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:441) at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1388) at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:421) at org.jboss.as.controller.ModelControllerImpl.lambda$execute$1(ModelControllerImpl.java:243) at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:263) at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:229) at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:243) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:217) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$400(ModelControllerClientOperationHandler.java:137) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:161) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157) at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:287) at org.wildfly.security.auth.server.SecurityIdentity.runAs(SecurityIdentity.java:244) at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:254) at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:225) at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:157) at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70) at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Adding optional options attribute makes command work again
[standalone@localhost:9990 /] /subsystem=elytron/kerberos-security-factory=a:add(principal=HTTP/localhost@JBOSS.ORG, path=/somewhere, mechanism-oids=["1.2.840.113554.1.2.2","1.3.6.1.5.5.2"],options={a=b}) {"outcome" => "success"}
But after reload, there is error in server log
18:30:37,430 ERROR [org.jboss.as.controller] (Controller Boot Thread) OPVDX001: Validation error in standalone.xml ----------------------------------- | | 365: </kerberos-security-factory> | 366: </credential-security-factories> | 367: <mappers> | ^^^^ 'mappers' isn't an allowed element here | | Elements allowed here are: | audit-logging policy | authentication-client providers | credential-security-factories sasl | credential-stores security-domains | dir-contexts security-properties | http security-realms | mappers tls | | 368: <constant-permission-mapper name="default-permission-mapper"> | 369: <permission class-name="org.wildfly.security.auth.permission.LoginPermission"/> | 370: <permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*"/> | | 'mappers' is allowed in elements: | - server > profile > {urn:wildfly:elytron:1.0}subsystem | " | | The primary underlying error message was: | > ParseError at [row,col]:[367,13] | > Message: WFLYCTL0198: Unexpected element | > '{urn:wildfly:elytron:1.0}mappers' encountered | |------------------------------------------------------------------------------- 18:30:37,430 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:143) at org.jboss.as.server.ServerService.boot(ServerService.java:376) at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:337) at java.lang.Thread.run(Thread.java:745) 18:30:37,432 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
Attribute options is marked correctly optional in model.
"options" => { "type" => OBJECT, "description" => "The Krb5LoginModule additional options.", "expressions-allowed" => false, "required" => false, "nillable" => true, "value-type" => STRING, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "no-services" },
- blocks
-
JBEAP-6480 Unable to configure Krb5LoginModule options in elytron kerberos implementation
- Closed
- is cloned by
-
WFCORE-2549 Elytron, unable to configure Kerberos authentication
- Resolved
- is incorporated by
-
JBEAP-9679 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta10
- Closed