- Bug
- Resolution: Done
- Critical
- 6.0.1
- Release Notes
- ER5
Description of problem:
Using BPMS 6.0.2 on Tomcat / EWS 2.0, it is not possible to git clone over ssh when the users are stored in LDAP. Only the authentication at the business-central web application is working with the JNDIRealm defined in server.xml.
Version-Release number of selected component (if applicable):
How reproducible:
always
Steps to Reproduce:
1. Deploy BPMS 6.0.2 on EWS 2.0 as per the Installation Guide
2. Change $TOMCAT_HOME/conf/server.xml to use JNDIRealm instead of UserDatabaseRealm
3. Edit business-central/WEB-INF/classes/login.config (as per https://bugzilla.redhat.com/show_bug.cgi?id=1103237)
4. Start the server
5. Clone the repository using a user from LDAP:
$ git clone ssh://ldapuser@localhost:8001/repository1
Actual results:
Cloning fails due to failed authentication.
Expected results:
Cloning works with user from LDAP.
Additional info:
Note 1: git clone ssh works with a user defined in tomcat-users.xml
Note 2: Defining JNDIRealm in business-central/WEB-INF/classes/login.config fails with an ArrayIndexOutOfBoundsException, apparently as the JNDIRealm does not have an initialize() method:
java.lang.ArrayIndexOutOfBoundsException: 114
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:771)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at org.uberfire.security.server.auth.source.JAASAuthenticationSource.authenticate(JAASAuthenticationSource.java:66)
This error is swallowed in JAASAuthenticationSource:
https://github.com/uberfire/uberfire/blob/master/uberfire-security/uberfire-security-server/src/main/java/org/uberfire/security/server/auth/source/JAASAuthenticationSource.java#L69
Note 3: With BPMS on EAP, the following system property can be used to define the security domain with the LDAP login module:
<property name="org.uberfire.domain" value="LDAPAuth"/>
- blocks: RHBPMS-3540 [update-docs] Unable to clone repository using ssh issue with LDAP on Tomcat (Closed)
- is duplicated by: RHBPMS-3540 [update-docs] Unable to clone repository using ssh issue with LDAP on Tomcat (Closed)
- is related to: RHBPMS-1931 Submenu entries are tied to admin role only (Verified)
- relates to: RHBPMS-1931 Submenu entries are tied to admin role only (Verified)
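A pre-flight check for the failure described in Note 2, as an added example that is not part of the original report or of the UberFire code: it loads a JAAS configuration file and flags any configured class that is not a `javax.security.auth.spi.LoginModule`, so a misconfigured entry is reported before a login attempt fails silently. The class name `JaasConfigCheck` and the built-in sample entry are assumptions; to check a real login.config, pass its path and entry name and run with the named classes on the classpath.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.spi.LoginModule;

// Added diagnostic example; the class name JaasConfigCheck is hypothetical.
public class JaasConfigCheck {
    // Returns null when className is a loadable LoginModule, else the problem found.
    static String problemWith(String className) {
        try {
            Class<?> cls = Class.forName(className, false, JaasConfigCheck.class.getClassLoader());
            return LoginModule.class.isAssignableFrom(cls) ? null
                    : "does not implement javax.security.auth.spi.LoginModule";
        } catch (ClassNotFoundException | LinkageError e) {
            return "cannot be loaded: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        File config;
        String entryName;
        if (args.length == 2) {   // real file: <login.config path> <entry name>
            config = new File(args[0]);
            entryName = args[1];
        } else {                  // constructed sample, not the product's file
            config = File.createTempFile("login", ".config");
            String sample = "sample {\n  java.lang.String required;\n};\n";
            Files.write(config.toPath(), sample.getBytes(StandardCharsets.UTF_8));
            entryName = "sample";
        }
        // Standard JAAS property naming the configuration file to load.
        System.setProperty("java.security.auth.login.config", config.getPath());
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(entryName);
        if (entries == null) {
            System.err.println("no entry '" + entryName + "' in " + config);
            System.exit(1);
        }
        boolean ok = true;
        for (AppConfigurationEntry e : entries) {
            String problem = problemWith(e.getLoginModuleName());
            System.out.println(e.getLoginModuleName() + ": " + (problem == null ? "OK" : problem));
            ok &= problem == null;
        }
        System.exit(ok ? 0 : 1);
    }
}
```

In the constructed sample, `java.lang.String` stands in for any class that is not a LoginModule; the check exits non-zero when an entry fails.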