Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 11.0.0.Beta7
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      Richard Opalka, I believe this is caused by the MSC refactoring.

      Steps, in the default host.xml for domain mode.

      1. Define the following security realm: -

              <security-realms>
                  <security-realm name="ldap_security_realm">
                      <server-identities>
                          <ssl>
                              <keystore path="generated.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/>
                          </ssl>
                      </server-identities>
                      <authentication>
                          <ldap connection="testLdap" base-dn="dc=test,dc=sbc,dc=com" recursive="true">
                              <username-filter attribute="samaccountname"/>
                          </ldap>
                      </authentication>
                  </security-realm>
              </security-realms>
      

      2. Define the following outbound connection: -

              <outbound-connections>
                  <ldap name="testLdap" url="ldap://localhost:636" search-dn="CN=mxxxxxx,OU=GenericID,OU=testUsers,DC=testServices,DC=test,DC=com" search-credential="passowrd" />
              </outbound-connections>
      

      3. Update the management interfaces to: -

              <management-interfaces>
                  <http-interface security-realm="ldap_security_realm">
                      <http-upgrade enabled="true"/>
                      <socket interface="management" port="${jboss.management.http.port:9990}"/>
                  </http-interface>
              </management-interfaces>
      

      The server fails to boot with just the following error: -

      [Host Controller] 17:56:40,052 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details.
      

      If the management interface is then updated to reference the ManagementRealm instead the error is now: -

      [Host Controller] 18:01:48,595 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
      [Host Controller]     ("host" => "master"),
      [Host Controller]     ("core-service" => "management"),
      [Host Controller]     ("security-realm" => "ldap_security_realm")
      [Host Controller] ]) - failure description: {
      [Host Controller]     "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""],
      [Host Controller]     "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"]
      [Host Controller] }
      

      This error is expected as the realm defined in step 1 referenced an invalid path.

      I believe the error reporting should come from this method: -
      org.jboss.as.controller.ServiceVerificationHelper.execute(OperationContext, ModelNode)
      However, something seems to have changed with the MSC migration.

      This was recently encountered while debugging the bug report in https://issues.redhat.com/browse/WFCORE-4820. If you see an error "Multiple CallbackHandlerServices for the same mechanism (PLAIN)", that has been covered by WFCORE-4820.

                People

                • Assignee:
                  ropalka Richard Opalka
                  Reporter:
                  dlofthouse Darran Lofthouse
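A triage sketch for the two log outputs quoted in this report, added here as an example (not part of the original issue and not WildFly code): it flags a boot that ends in WFLYHC0034 with no preceding WFLYCTL0013 failure description, and otherwise extracts the failed operation address and the missing services. The function name `triage` and both sample logs are constructed for illustration, modelled on the output quoted above.

```python
import re

# Constructed sample logs, modelled on the two outputs quoted in this report.
SILENT_LOG = r"""[Host Controller] 17:56:40,052 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0034: Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details.
"""
DETAILED_LOG = r"""[Host Controller] 18:01:48,595 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
[Host Controller]     ("host" => "master"),
[Host Controller]     ("core-service" => "management"),
[Host Controller]     ("security-realm" => "ldap_security_realm")
[Host Controller] ]) - failure description: {
[Host Controller]     "WFLYCTL0412: Required services that are not installed:" => ["jboss.server.path.\"jboss.server.config.dir\""],
[Host Controller]     "WFLYCTL0180: Services with missing/unavailable dependencies" => ["org.wildfly.core.management.security.realm.ldap_security_realm.key-manager is missing [jboss.server.path.\"jboss.server.config.dir\"]"]
[Host Controller] }
"""

PREFIX = re.compile(r"^\[Host Controller\]\s?")      # process tag added in domain mode
ADDR = re.compile(r'\("([^"]+)" => "([^"]+)"\)')     # one ("key" => "value") address element
STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')          # quoted string, allowing \" inside

def triage(log):
    """Summarise a Host Controller boot log (hypothetical helper, not a WildFly API)."""
    result = {"boot_failed": False, "failed_ops": [], "missing_services": []}
    in_address = False
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        if "WFLYHC0034" in line:                     # unrecoverable boot failure
            result["boot_failed"] = True
        elif "WFLYCTL0013" in line:                  # a management operation failed
            result["failed_ops"].append([])
            in_address = True
        elif in_address:
            m = ADDR.search(line)
            if m:
                result["failed_ops"][-1].append(m.groups())
            else:
                in_address = False                   # the "])" line closes the address
        elif "WFLYCTL0412" in line:                  # required services not installed
            values = line.split("=>", 1)[1]
            result["missing_services"] += [
                s.replace('\\"', '"') for s in STRING.findall(values)]
    # The symptom reported here: a fatal exit with no failure description before it.
    result["silent"] = result["boot_failed"] and not result["failed_ops"]
    return result
```
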