[JBoss JIRA] (SECURITY-815) NegotiationAuthenticator loses post data
by RH Bugzilla Integration (JIRA)
[ https://issues.jboss.org/browse/SECURITY-815?page=com.atlassian.jira.plug... ]
RH Bugzilla Integration updated SECURITY-815:
---------------------------------------------
Bugzilla Update: Perform
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1030053
> NegotiationAuthenticator loses post data
> ----------------------------------------
>
> Key: SECURITY-815
> URL: https://issues.jboss.org/browse/SECURITY-815
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_5
> Reporter: Derek Horton
> Assignee: Darran Lofthouse
>
> The NegotiationAuthenticator loses post data.
> A customer is attempting to use Negotiation along with PicketLink at the IDP. This works fine as long as the SP is using HTTP-Redirect SAML binding.
> If the SP is using HTTP-Redirect, then this issue is avoided as the SAMLRequest is passed along through the redirects on the URL.
> If the HTTP-POST binding is used, then the NegotiationAuthenticator will lose the SAMLRequest post parameter. This means that after a user is successfully authenticated, the IDP will not know where to redirect the user to. As a result, the user will be left at the IDP index.html page.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (SECURITY-815) NegotiationAuthenticator loses post data
by Derek Horton (JIRA)
Derek Horton created SECURITY-815:
-------------------------------------
Summary: NegotiationAuthenticator loses post data
Key: SECURITY-815
URL: https://issues.jboss.org/browse/SECURITY-815
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Negotiation
Affects Versions: Negotiation_2_2_5
Reporter: Derek Horton
Assignee: Darran Lofthouse
The NegotiationAuthenticator loses post data.
A customer is attempting to use Negotiation along with PicketLink at the IDP. This works fine as long as the SP is using HTTP-Redirect SAML binding.
If the SP is using HTTP-Redirect, then this issue is avoided as the SAMLRequest is passed along through the redirects on the URL.
If the HTTP-POST binding is used, then the NegotiationAuthenticator will lose the SAMLRequest post parameter. This means that after a user is successfully authenticated, the IDP will not know where to redirect the user to. As a result, the user will be left at the IDP index.html page.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (SECURITY-814) Correct the JBoss Negotiation project hierarchy
by Darran Lofthouse (JIRA)
Darran Lofthouse created SECURITY-814:
-----------------------------------------
Summary: Correct the JBoss Negotiation project hierarchy
Key: SECURITY-814
URL: https://issues.jboss.org/browse/SECURITY-814
Project: PicketBox
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: Negotiation_2_3_0_CR1
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: Negotiation_2_3_0_Final
The build outputs the following: -
{code}
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-project:pom:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ line 3, column 11
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-common:jar:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' of POM org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT (/home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml) points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT, /home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml, line 3, column 11
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-extras:jar:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' of POM org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT (/home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml) points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT, /home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml, line 3, column 11
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-net:jar:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' of POM org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT (/home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml) points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT, /home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml, line 3, column 11
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-ntlm:jar:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' of POM org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT (/home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml) points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT, /home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml, line 3, column 11
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-spnego:jar:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' of POM org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT (/home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml) points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT, /home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml, line 3, column 11
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-toolkit:war:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' of POM org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT (/home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml) points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT, /home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml, line 3, column 11
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.jboss.security:jboss-negotiation-main:pom:2.3.0.Final-SNAPSHOT
[WARNING] 'parent.relativePath' of POM org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT (/home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml) points at org.jboss.security:jboss-negotiation-main instead of org.jboss:jboss-parent, please verify your project structure @ org.jboss.security:jboss-negotiation-project:2.3.0.Final-SNAPSHOT, /home/darranl/src/wildfly/jboss-negotiation/parent/pom.xml, line 3, column 11
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-3200) Support Jackson 2 out of the box
by Nathaniel A. Johnson (JIRA)
Nathaniel A. Johnson created WFLY-3200:
------------------------------------------
Summary: Support Jackson 2 out of the box
Key: WFLY-3200
URL: https://issues.jboss.org/browse/WFLY-3200
Project: WildFly
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: REST
Reporter: Nathaniel A. Johnson
Assignee: Stuart Douglas
Priority: Minor
Wildfly can be configured to allow access to the native Jackson API. In order to accomplish this, you have to add a jboss-deployment-structure.xml that contains the following:
<jboss-deployment-structure>
<deployment>
<exclusions>
<module name="org.jboss.resteasy.resteasy-jackson-provider"/>
</exclusions>
<dependencies>
<module name="org.jboss.resteasy.resteasy-jackson2-provider" services="import"/>
</dependencies>
</deployment>
</jboss-deployment-structure>
It would be better if Jackson 2 were the default provider and this were not necessary.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-3048) "Local" authentication fails when LDAP is used for ManagementRealm
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFLY-3048?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse commented on WFLY-3048:
----------------------------------------
Unfortunately the LDAP authorization configuration is omitted so it is difficult to see how exactly that was defined, when testing was performed to define a different username for the local mechanism that should match in LDAP group loading one thing that could have been missing is the <username-to-dn /> definition in the <ldap /> section of <authorization />. The purpose of that section is to define how to take the username from a non-ldap based authentication and convert it into a distinguished name, unless force is specified typically we would skip the second search and use a cached result from the ldap based authentication but of course that is not possible if the mechanism used was <local />
Regarding the general problem I am going to add a new attribute skip-group-loading="..." with a default of 'false' to the <local /> element within <authentication /> - if this attribute is set to true then provided the local mechanism was used for authentication then the group loading step will be skipped.
Note: A default of true may make more sense for this attribute, unfortunately we have already shipped where that is not the default setting and users could be relying on us performing group loading so we will need the default value to be 'false' - in the config we ship however we can set this to true.
> "Local" authentication fails when LDAP is used for ManagementRealm
> ------------------------------------------------------------------
>
> Key: WFLY-3048
> URL: https://issues.jboss.org/browse/WFLY-3048
> Project: WildFly
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Security
> Affects Versions: 8.0.0.Final
> Environment: Ubuntu 13.04, Xeon-based VPS
> Reporter: Matt Jensen
> Assignee: Darran Lofthouse
> Fix For: 8.0.1.Final
>
>
> When LDAP is used for authentication in ManagementRealm, "local" authentication, which is enabled in configuration for the realm, appears to stop working.
> I have configured my ManagementRealm to use LDAP for authentication of remote clients. However, I also need to allow local authentication without a username and password, for when jboss-cli is invoked from the command line on the server. This is needed in order for the wildfly-init-debian.sh script to shut down the server. I have configured the ManagementRealm as follows:
> <security-realm name="ManagementRealm">
> <authentication>
> <local default-user="$local" />
> <ldap connection="..." base-dn="ou=accounts,dc=..." recursive="false">
> ...
> </ldap>
> </authentication>
> <authorization map-groups-to-roles="false">
> <ldap connection="...">
> ...
> </ldap>
> </authorization>
> </security-realm>
> I left out most of the LDAP configuration because I don't think it is important for this issue. LDAP authentication works fine for remote clients. In fact, it works fine for local clients as well--when I invoke jboss-cli with LDAP authentication enabled, it prompts for a username and password; if I enter a valid combination from the LDAP directory, jboss-cli connects successfully and executes its command.
> The problem is that I need it to NOT prompt for a username and password when jboss-cli is invoked locally. Which, I believe, is how things are supposed to work when "local" authentication is also enabled; it just doesn't work that way when LDAP is enabled for the same realm.
> If I comment out the <ldap .../> element in <authentication> for the realm, local authentication starts working again. I can invoke jboss-cli locally and the command is carried out without a username and password prompt. Re-enable LDAP, with no other configuration changes, and again it flips back to requiring a username and password.
> I have tried replacing "$local" in the @default-user element of the <local> element with a valid name from the LDAP directory, both as a simple username and as a full DN, and jboss-cli still prompts for a username and password.
> The modification date on the [tmp/auth] directory changes when I run jboss-cli with LDAP in place and get the username/password prompt, so it appears that the client is putting a token in there to try to use local authentication. The server just never picks it up.
> The documentation specifically mentions that <local/> should work along with <ldap/> here:
> https://docs.jboss.org/author/display/WFLY8/Security+Realms
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months
[JBoss JIRA] (WFLY-3199) Remove external BOM from jboss-as-parent
by Paul Gier (JIRA)
Paul Gier created WFLY-3199:
-------------------------------
Summary: Remove external BOM from jboss-as-parent
Key: WFLY-3199
URL: https://issues.jboss.org/browse/WFLY-3199
Project: WildFly
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: Build System
Reporter: Paul Gier
Assignee: Paul Gier
Fix For: 8.0.1.Final
The jboss-as-parent pom currently depends on an external BOM (apacheds-parent) to get some dependency versions. This means that it's not obvious which version is used for some dependencies. And it's possible that a version could be unintentionally upgraded.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
12 years, 3 months