-
Bug
-
Resolution: Done
-
Major
-
27.0.1.Final
Since Oracle Java SE 8u351, we start to see test failures from AdvancedLdapLoginModuleTestCase and SPNEGOLoginModuleTestCase (both testes were removed in upstream WFLY) in one of our downstream CI machine. i.e.
javax.security.auth.login.LoginException: no supported default etypes for default_tkt_enctypes at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:810) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.jboss.as.test.integration.security.common.Utils.loginWithKerberos(Utils.java:1187) at org.jboss.as.test.integration.security.common.Utils.makeCallWithKerberosAuthn(Utils.java:631) at org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.testDeployment(AdvancedLdapLoginModuleTestCase.java:292) at org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test1(AdvancedLdapLoginModuleTestCase.java:218) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:59) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:56) at org.jboss.arquillian.junit.Arquillian$8$1.invokeMethod(Arquillian.java:325) at org.jboss.arquillian.junit.MethodInvoker$1.invoke(MethodInvoker.java:18) at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:57) at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105) at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:62) at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:50) at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:128) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:118) at sun.reflect.GeneratedMethodAccessor16.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:116) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:83) at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:69) at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133) at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:139) at org.jboss.arquillian.junit.MethodInvoker.invoke(MethodInvoker.java:15) at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:332) at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:204) at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:350) at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54) at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:215) at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:279) at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:88) at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:66) at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:90) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:128) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:114) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:116) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:83) at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:69) at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:86) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:95) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:133) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:105) at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159) at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:273) at org.junit.runners.BlockJUnit4ClassRunner$1.evaluate(BlockJUnit4ClassRunner.java:100) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:366) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:103) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:63) at org.junit.runners.ParentRunner$4.run(ParentRunner.java:331) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:79) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:329) at org.junit.runners.ParentRunner.access$100(ParentRunner.java:66) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:293) at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:166) at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:350) at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:54) at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:177) at org.junit.runners.ParentRunner$3.evaluate(ParentRunner.java:306) at org.junit.runners.ParentRunner.run(ParentRunner.java:413) at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:115) at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:365) at org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:273) at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238) at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:159) at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:384) at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:345) at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:126) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:418) Caused by: KrbException: no supported default etypes for default_tkt_enctypes at sun.security.krb5.Config.defaultEtype(Config.java:880) at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:249) at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:262) at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:334) at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:488) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:772) ... 137 more
The cause is Deprecate 3DES and RC4 in Kerberos (JDK-8139348). The RN mentions that "Users can set allow_weak_crypto = true in the krb5.conf configuration file to re-enable" This is actually what we have already configured in https://github.com/wildfly/wildfly/blob/27.0.1.Final/testsuite/shared/src/main/resources/org/jboss/as/test/integration/security/common/krb5.conf#LL8 for our testsuite. But the value is incorrect, it should be allow_weak_crypto = true instead.
The allow_weak_crypto attribuet is described here https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html#libdefaults
- is cloned by
-
JBEAP-24658 (7.4.z) WFLY-17768 - Incorrect allow_weak_crypto value in testsuite krb5.conf file
- Closed