Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-5544

Servers unable to connect in domain mode with Elytron without local auth

XMLWordPrintable

    • undefined

      When the management interface of the host controller is configured to use the Elytron sasl authentication factory, disabling local auth prevents the servers from connecting back:

      /host=master/subsystem=elytron/sasl-authentication-factory=management-sasl-authentication:write-attribute(name=mechanism-configurations, value=[{mechanism-name=DIGEST-MD5, mechanism-realm-configurations=[{realm-name=ManagementRealm}]}]

      
[Server:server-two] 11:45:59,654 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: java.util.concurrent.ExecutionException: JBTHR00005: Operation failed
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.ServerStartTask$2$1.load(ServerStartTask.java:187)
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.ServerService.boot(ServerService.java:400)
[Server:server-two]     at org.jboss.as.controller@17.0.0.Beta5-SNAPSHOT//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:417)
[Server:server-two]     at java.base/java.lang.Thread.run(Thread.java:829)
[Server:server-two] Caused by: java.util.concurrent.ExecutionException: JBTHR00005: Operation failed
[Server:server-two]     at org.jboss.threads@2.4.0.Final//org.jboss.threads.AsyncFutureTask.get(AsyncFutureTask.java:253)
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.mgmt.domain.ServerBootOperationsService$2.get(ServerBootOperationsService.java:113)
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.mgmt.domain.ServerBootOperationsService$2.get(ServerBootOperationsService.java:95)
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.ServerStartTask$2$1.load(ServerStartTask.java:184)
[Server:server-two]     ... 3 more
[Server:server-two] Caused by: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://127.0.0.1:9990. The connection failed
[Server:server-two]     at org.jboss.as.protocol@17.0.0.Beta5-SNAPSHOT//org.jboss.as.protocol.ProtocolConnectionUtils.checkFuture(ProtocolConnectionUtils.java:145)
[Server:server-two]     at org.jboss.as.protocol@17.0.0.Beta5-SNAPSHOT//org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:125)
[Server:server-two]     at org.jboss.as.protocol@17.0.0.Beta5-SNAPSHOT//org.jboss.as.protocol.ProtocolConnectionManager$EstablishingConnection.connect(ProtocolConnectionManager.java:259)
[Server:server-two]     at org.jboss.as.protocol@17.0.0.Beta5-SNAPSHOT//org.jboss.as.protocol.ProtocolConnectionManager.connect(ProtocolConnectionManager.java:70)
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.mgmt.domain.HostControllerConnection.openConnection(HostControllerConnection.java:128)
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.mgmt.domain.HostControllerClient.resolveBootUpdates(HostControllerClient.java:112)
[Server:server-two]     at org.jboss.as.server@17.0.0.Beta5-SNAPSHOT//org.jboss.as.server.mgmt.domain.ServerBootOperationsService$1.run(ServerBootOperationsService.java:68)
[Server:server-two]     at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
[Server:server-two]     at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
[Server:server-two]     at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
[Server:server-two]     at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1348)
[Server:server-two]     at java.base/java.lang.Thread.run(Thread.java:829)
[Server:server-two]     at org.jboss.threads@2.4.0.Final//org.jboss.threads.JBossThread.run(JBossThread.java:513)
[Server:server-two] Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
[Server:server-two]    DIGEST-MD5: javax.security.sasl.SaslException: ELY05080: Callback handler not provided user name
[Server:server-two]     at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)
[Server:server-two]     at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:401)
[Server:server-two]     at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:244)
[Server:server-two]     at org.jboss.xnio@3.8.4.Final//org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
[Server:server-two]     at org.jboss.xnio@3.8.4.Final//org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
[Server:server-two]     at org.jboss.xnio.nio@3.8.4.Final//org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
[Server:server-two]     at org.jboss.xnio.nio@3.8.4.Final//org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
[Server:server-two]     at ...asynchronous invocation...(Unknown Source)
[Server:server-two]     at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:599)
[Server:server-two]     at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:561)
[Server:server-two]     at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:549)
[Server:server-two]     at org.jboss.as.protocol@17.0.0.Beta5-SNAPSHOT//org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:227)
[Server:server-two]     at org.jboss.as.protocol@17.0.0.Beta5-SNAPSHOT//org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:121)
[Server:server-two]     ... 11 more
[Server:server-two]     Suppressed: javax.security.sasl.SaslException: ELY05080: Callback handler not provided user name
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.mechanism.digest.PasswordDigestObtainer.getPredigestedSaltedPassword(PasswordDigestObtainer.java:154)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.mechanism.digest.PasswordDigestObtainer.handleUserRealmPasswordCallbacks(PasswordDigestObtainer.java:106)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.digest.AbstractDigestMechanism.handleUserRealmPasswordCallbacks(AbstractDigestMechanism.java:194)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.digest.DigestSaslClient.createResponse(DigestSaslClient.java:214)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.digest.DigestSaslClient.evaluateMessage(DigestSaslClient.java:339)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:220)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.digest.DigestSaslClient.evaluateChallenge(DigestSaslClient.java:323)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
[Server:server-two]             at java.base/java.security.AccessController.doPrivileged(Native Method)
[Server:server-two]             at org.wildfly.security.elytron-base@1.16.1.Final//org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
[Server:server-two]             at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:674)
[Server:server-two]             at org.jboss.remoting@5.0.23.Final//org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
[Server:server-two]             at org.jboss.threads@2.4.0.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
[Server:server-two]             at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
[Server:server-two]             at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
[Server:server-two]             at org.jboss.threads@2.4.0.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
[Server:server-two]             at org.jboss.xnio@3.8.4.Final//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
[Server:server-two]             at java.base/java.lang.Thread.run(Thread.java:829)

              darran.lofthouse@redhat.com Darran Lofthouse
              darran.lofthouse@redhat.com Darran Lofthouse
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: