Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.DR17
Affects Version/s: 7.1.0.DR15
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security/wildfly-elytron/pull/753/files
Steps to Reproduce:
Hide

Follows step https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.alpha/html-single/how_to_set_up_sso_with_kerberos/#secure_mgmt_interface_krb_elytron in IPv6 environment
*

/subsystem=elytron/http-authentication-factory=example-krb-http-auth:add( \ http-server-mechanism-factory=global, \ security-domain=exampleFsSD, \ mechanism-configurations=[ \ { \ mechanism-name=SPNEGO,\ mechanism-realm-configurations= \ [ \ { \ realm-name=exampleFsSD \ } \ ], \ host-name=[::1],\ credential-security-factory=krbSF \ } \ ] \ )

Ensure in /etc/hosts there is not line similar ::1 localhost6.localdomain6 localhost6, otherwise [::1] resolves into localhost6
Show
Follows step https://doc-stage.usersys.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1.alpha/html-single/how_to_set_up_sso_with_kerberos/#secure_mgmt_interface_krb_elytron in IPv6 environment * /subsystem=elytron/http-authentication-factory=example-krb-http-auth:add( \ http-server-mechanism-factory=global, \ security-domain=exampleFsSD, \ mechanism-configurations=[ \ { \ mechanism-name=SPNEGO,\ mechanism-realm-configurations= \ [ \ { \ realm-name=exampleFsSD \ } \ ], \ host-name=[::1],\ credential-security-factory=krbSF \ } \ ] \ ) Ensure in /etc/hosts there is not line similar ::1 localhost6.localdomain6 localhost6 , otherwise [::1] resolves into localhost6

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

There is code in Elytron

SetMechanismInformationMechanismFactory.java

@Override
            public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
                String host = request.getFirstRequestHeaderValue(HOST);
                String resolvedHostName = null;
                if (host != null) {
                  if (host.startsWith("[")) {
                      int close = host.indexOf(']');
                      if (close > 0) {
                          resolvedHostName = host.substring(0, close);
                      }
                  }

I assume intention of this code is to get from e.g. "[::1]:8080" just "[::1]", but now it gets only "[::1". To achieve this my assumption, there should be rather

resolvedHostName = host.substring(0, close + 1);

is cloned by

ELY-1040 Elytron, incorrect IPv6 address resolution

Resolved

is incorporated by

JBEAP-10016 Upgrade WildFly Elytron to 1.1.0.Beta35

Closed

Assignee:: Tomas Hofman

Reporter:: Martin Choma

Tester:: Martin Choma

QA Contact:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/03/29 6:36 AM

Updated:: 2024/09/02 3:52 PM

Resolved:: 2017/04/12 2:48 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates