[JBoss JIRA] (WFCORE-2391) No log messages coming from Elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2391?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7126 to WFCORE-2391:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2391 (was: WFLY-7126)
Component/s: Security
(was: Security)
> No log messages coming from Elytron
> -----------------------------------
>
> Key: WFCORE-2391
> URL: https://issues.jboss.org/browse/WFCORE-2391
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Josef Cacek
> Assignee: Ingo Weiss
> Priority: Critical
>
> Elytron functionality is not covered (sufficiently) by log messages.
> The log messages are a cornerstone for customers when they're investigating configuration or functional issues.
> Even when enabling {{TRACE}} log-level I was seeing no log messages coming from Elytron when I was configuring web authentication. When authentication fails it's not clear what's wrong - if the password is invalid or the permission mapper doesn't work or something else happened.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
[JBoss JIRA] (WFCORE-2392) Remoting EJB identity propagation does not work with Elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2392?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7778 to WFCORE-2392:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2392 (was: WFLY-7778)
Component/s: Security
(was: Security)
> Remoting EJB identity propagation does not work with Elytron
> ------------------------------------------------------------
>
> Key: WFCORE-2392
> URL: https://issues.jboss.org/browse/WFCORE-2392
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Critical
> Labels: elytron-legacy-test-fails
>
> Even though the LoginContext is obtained successfully, the identity is not propagated in the EJB call.
> The identity is unauthorized on the server side.
> *Remoting does not work because it is not implemented yet* - this issue was created primarily as an issue reference for ignored tests.
> Frequent error message:
> {code:java}
> SaslException: Authentication failed: all available authentication mechanisms failed:
> JBOSS-LOCAL-USER: Server rejected authentication
> DIGEST-MD5: Server rejected authentication]
> at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110)
> {code}
[JBoss JIRA] (WFCORE-2393) Elytron expects certificate in PEM format as user input
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2393?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7572 to WFCORE-2393:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2393 (was: WFLY-7572)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron expects certificate in PEM format as user input
> -------------------------------------------------------
>
> Key: WFCORE-2393
> URL: https://issues.jboss.org/browse/WFCORE-2393
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Assignee: Pedro Igor
> Labels: user_experience
>
> In the {{/token-realm/public-key}} attribute a certificate in PEM format is expected, which I consider to be user-unfriendly.
> I wonder, couldn't that be accomplished by leveraging the key-store/trust-manager capability?
> {code}
> "public-key" => {
>     "type" => STRING,
>     "description" => "A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.",
>     "expressions-allowed" => false,
>     "nillable" => true,
>     "min-length" => 1L,
>     "max-length" => 2147483647L
> }
> {code}
[JBoss JIRA] (WFCORE-2386) Legacy Kerberos in management, unable to configure fallback authentication.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2386?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7993 to WFCORE-2386:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2386 (was: WFLY-7993)
Component/s: Security
(was: Security)
> Legacy Kerberos in management, unable to configure fallback authentication.
> ---------------------------------------------------------------------------
>
> Key: WFCORE-2386
> URL: https://issues.jboss.org/browse/WFCORE-2386
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: regression
>
> In EAP 7.0 it was possible to configure fallback (e.g. BASIC) authentication if the client does not support SPNEGO authentication. In EAP 7.1 this feature does not work anymore.
> In EAP 7.0 the server returns multiple challenges (Negotiate/Basic) and the client could choose which one it will use.
> {code:title=EAP 7.0}
> HTTP/1.1 401 Unauthorized
> Connection: keep-alive
> WWW-Authenticate: Negotiate
> WWW-Authenticate: Basic realm="FallBackKerberosRealm"
> X-Frame-Options: SAMEORIGIN
> Content-Length: 77
> Content-Type: text/html
> Date: Mon, 30 Jan 2017 11:02:45 GMT
> <html><head><title>Error</title></head><body>401 - Unauthorized</body></html>
> {code}
> In EAP 7.1 (with the same configuration) the server returns only one challenge - Negotiate - so a client not supporting SPNEGO can't fall back to Basic.
> {code:title=EAP 7.1}
> HTTP/1.1 401 Unauthorized
> Connection: keep-alive
> WWW-Authenticate: Negotiate
> X-Frame-Options: SAMEORIGIN
> Content-Length: 77
> Content-Type: text/html
> Date: Mon, 30 Jan 2017 11:01:28 GMT
> <html><head><title>Error</title></head><body>401 - Unauthorized</body></html>
> {code}
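A regression check for the behaviour reported above, as an added example that is not part of the original issue or of WildFly's code: it parses a raw 401 response and lists the offered authentication schemes, so a test can assert that a client without SPNEGO support still has a fallback. The class and method names are hypothetical, and the two sample responses are constructed from the headers quoted in the report.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added example: class and method names are hypothetical, not WildFly/Elytron API.
public class ChallengeCheck {

    /** Returns the lower-cased scheme of every WWW-Authenticate header line.
     *  Handles one challenge per header line, the form shown in the report. */
    static List<String> offeredSchemes(String rawResponse) {
        List<String> schemes = new ArrayList<>();
        for (String line : rawResponse.split("\r?\n")) {
            if (line.isEmpty()) break;                 // blank line ends the header section
            int colon = line.indexOf(':');
            if (colon < 0) continue;                   // status line has no header name
            String name = line.substring(0, colon).trim();
            if (!name.equalsIgnoreCase("WWW-Authenticate")) continue;
            String value = line.substring(colon + 1).trim();
            if (value.isEmpty()) continue;
            // The scheme is the first token; parameters such as realm follow it.
            schemes.add(value.split("\\s+", 2)[0].toLowerCase(Locale.ROOT));
        }
        return schemes;
    }

    /** True when a client without SPNEGO support still has a scheme it can use. */
    static boolean hasFallback(List<String> schemes) {
        return schemes.stream().anyMatch(s -> !s.equals("negotiate"));
    }

    public static void main(String[] args) {
        // Constructed samples built from the headers quoted in the report.
        String eap70 = String.join("\r\n",
                "HTTP/1.1 401 Unauthorized",
                "WWW-Authenticate: Negotiate",
                "WWW-Authenticate: Basic realm=\"FallBackKerberosRealm\"",
                "Content-Type: text/html", "", "<html>401 - Unauthorized</html>");
        String eap71 = String.join("\r\n",
                "HTTP/1.1 401 Unauthorized",
                "WWW-Authenticate: Negotiate",
                "Content-Type: text/html", "", "<html>401 - Unauthorized</html>");

        for (String response : List.of(eap70, eap71)) {
            List<String> schemes = offeredSchemes(response);
            System.out.println(schemes + " fallback available: " + hasFallback(schemes));
        }
    }
}
```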
[JBoss JIRA] (WFCORE-2387) Elytron subsystem requires user to input OIDs
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2387?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7355 to WFCORE-2387:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2387 (was: WFLY-7355)
Component/s: Security
(was: Security)
Affects Version/s: 3.0.0.Beta7
(was: 11.0.0.Alpha1)
> Elytron subsystem requires user to input OIDs
> ---------------------------------------------
>
> Key: WFCORE-2387
> URL: https://issues.jboss.org/browse/WFCORE-2387
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 3.0.0.Beta7
> Reporter: Martin Choma
> Labels: user_experience
>
> In a couple of places in the elytron subsystem raw OIDs are expected from user input, e.g. {{2.5.4.4}}. Is there a chance some aliasing could be introduced? So that, for example, the human-readable {{surname}} can be used?
> * kerberos-security-factory
> ** mechanism-oids
> * x500-principal-decoder
> ** oid
> ** required-oids
[JBoss JIRA] (WFCORE-2389) Definition Credential Store with non-existent storage file causes ugly failure-description with Exception.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2389?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7478 to WFCORE-2389:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2389 (was: WFLY-7478)
Component/s: Security
(was: Security)
Fix Version/s: 4.0.0.Alpha1
(was: 11.0.0.Alpha1)
> Definition Credential Store with non-existent storage file causes ugly failure-description with Exception.
> ----------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2389
> URL: https://issues.jboss.org/browse/WFCORE-2389
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Fix For: 4.0.0.Alpha1
>
>
> Definition Credential Store with non-existent storage file causes ugly failure-description with Exception.
> When I define a Credential Store for a non-existent JCEKS file
> {code}
> /subsystem=elytron/credential-store=cs_not_found_exception:add(uri="cr-store://test/cs/keystore-non-existent.jceks?store.password=pass123")
> {code}
> then I get a very ugly failure description
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store-client.cs_not_found_exception" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store-client.cs_not_found_exception: WFLYELY00004: Unable to start the service.
> Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09506: Cannot read credential storage file '/home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/keystore-not_exists.jceks' for the store named 'cs_not_found_exception'
> Caused by: java.io.FileNotFoundException: /home/hsvabek/securityworkspace/VERIFICATION/2016_11_02_UX_testing/jboss-eap-7.1.0.DR7/standalone/data/cs/keystore-not_exists.jceks (No such file or directory)"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store-client.cs_not_found_exception"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> *Suggestion for solution*
> The failure-description must not contain an Exception or a stack trace snippet.
> Description like: "Credential store file XYZ doesn't exist."
[JBoss JIRA] (WFCORE-2382) Doesn't work to define {EXT} command with parameters.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2382?page=com.atlassian.jira.plugi... ]
Darran Lofthouse moved WFLY-7876 to WFCORE-2382:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-2382 (was: WFLY-7876)
Component/s: Security
(was: Security)
> Doesn't work to define {EXT} command with parameters.
> -----------------------------------------------------
>
> Key: WFCORE-2382
> URL: https://issues.jboss.org/browse/WFCORE-2382
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Peter Skopek
>
> Doesn't work to define {EXT} command with parameters.
> For {CMD} everything is OK.
> *You can try it with this command (you must replace the path with some real file).*
> /subsystem=elytron/credential-store=CredStore011:add(uri="cr-store://test/cs999.jceks", credential-reference={type=COMMAND, clear-text="{EXT}/real/path/to/script/pass-ely.sh par011"})
> *Result is this error msg:*
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.CredStore011" => "org.jboss.msc.service.StartException in service org.wildfly.security.credential-store.CredStore011: WFLYELY00004: Unable to start the service.
> Caused by: java.io.IOException: Cannot run program \"/real/path/to/script/pass-ely.sh par011\": error=2, No such file or directory
> Caused by: java.io.IOException: error=2, No such file or directory"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.credential-store.CredStore011"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
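The error text above names the script path and its argument together as the program to run, which is what the operating system reports when a whole command line is handed over as one executable name. The following added example (not Elytron's code; the class name, helper and script are constructed for illustration) reproduces that failure with `ProcessBuilder` and shows the tokenized form that works. It assumes a POSIX system with `/bin/sh`, a temp directory that allows execution, and Java 11 or later.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;
import java.util.List;

// Added example: not Elytron code. Script and names are constructed for illustration.
public class ExtCommandDemo {

    /** Runs argv and returns its trimmed output; fails if the exit code is non-zero. */
    static String run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8).trim();
        if (p.waitFor() != 0) throw new IOException("exit code " + p.exitValue() + ": " + out);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the password script in the report.
        Path script = Files.createTempFile("pass-demo", ".sh",
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------")));
        Files.writeString(script, "#!/bin/sh\nprintf 'password-for-%s' \"$1\"\n");
        String commandLine = script + " par011";

        try {
            // Whole command line as a single element: the OS looks for a file
            // literally named "<script> par011" and fails with error=2 (ENOENT).
            run(List.of(commandLine));
        } catch (IOException e) {
            System.out.println("single string : " + e.getMessage());
        }

        // Program and arguments as separate elements: the script receives par011 as $1.
        // A plain whitespace split is enough here; it does not handle quoting or
        // paths that contain spaces.
        List<String> argv = Arrays.asList(commandLine.split("\\s+"));
        System.out.println("tokenized     : " + run(argv));
        Files.delete(script);
    }
}
```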