[JBoss JIRA] (WFCORE-2016) Change sasl-authentication-factor for management auth works after reload, but not after server restart
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2016?page=com.atlassian.jira.plugi... ]
Kabir Khan updated WFCORE-2016:
-------------------------------
Fix Version/s: 3.0.0.Beta13
(was: 3.0.0.Beta12)
> Change sasl-authentication-factor for management auth works after reload, but not after server restart
> ------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2016
> URL: https://issues.jboss.org/browse/WFCORE-2016
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Zach Rhoads
> Assignee: Darran Lofthouse
> Fix For: 3.0.0.Beta13
>
>
> I can successfully configure a new sasl-authentication-factory and assign it to the management interface:
> {code}
> /subsystem=elytron/filesystem-realm=exampleFsRealm:add(path=fs-realm-users,relative-to=jboss.server.config.dir)
> /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add()
> /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:set-password(clear={password="password123"})
> /subsystem=elytron/filesystem-realm=exampleFsRealm/identity=user1:add-attribute(name=Roles, value=["Admin","Guest"])
> /subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
> /subsystem=elytron/security-domain=exampleFsSD:add(realms=[{realm=exampleFsRealm,role-decoder=from-roles-attribute}],default-realm=exampleFsRealm,permission-mapper=login-permission-mapper)
> /subsystem=elytron/sasl-authentication-factory=example-sasl-auth:add(sasl-server-factory=configured,security-domain=exampleFsSD,mechanism-configurations=[{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=exampleSaslRealm}]}])
> /core-service=management/management-interface=http-interface:write-attribute(name=http-upgrade.sasl-authentication-factory, value=example-sasl-auth)
> reload
> {code}
> after reload, i am forced to re-authenticate and it succeeds:
> {code}
> [standalone@localhost:9990 /] reload
> Authenticating against security realm: exampleSaslRealm
> Username: user1
> Password:
> [standalone@localhost:9990 /]
> {code}
> Once i restart the server though and try to connect, i get a timeout:
> {code}
> $ ./jboss-cli.sh -c
> Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out
> {code}
> It also fails if i force no local auth:
> {code}
> $ ./jboss-cli.sh -c --no-local-auth
> Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out: WFLYPRT0023: Could not connect to remote+http://localhost:9990. The connection timed out
> {code}/
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years
[JBoss JIRA] (WFCORE-2068) HTTPSConnectionWithCLITestCase and HTTPSManagementInterfaceTestCase Failing Due To Native Protocol Issue
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2068?page=com.atlassian.jira.plugi... ]
Kabir Khan updated WFCORE-2068:
-------------------------------
Fix Version/s: 3.0.0.Beta13
(was: 3.0.0.Beta12)
> HTTPSConnectionWithCLITestCase and HTTPSManagementInterfaceTestCase Failing Due To Native Protocol Issue
> --------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-2068
> URL: https://issues.jboss.org/browse/WFCORE-2068
> Project: WildFly Core
> Issue Type: Bug
> Components: Remoting, Test Suite
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 3.0.0.Beta13
>
>
> The listed test case is failing during clean up with the following error: -
> {noformat}
> java.io.IOException: java.io.IOException: WFLYPRT0054: Channel closed
> at org.jboss.as.protocol.mgmt.ManagementClientChannelStrategy$Establishing.getChannel(ManagementClientChannelStrategy.java:166)
> at org.jboss.as.controller.client.impl.RemotingModelControllerClient.getOrCreateChannel(RemotingModelControllerClient.java:135)
> at org.jboss.as.controller.client.impl.RemotingModelControllerClient$1.getChannel(RemotingModelControllerClient.java:59)
> at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:135)
> at org.jboss.as.protocol.mgmt.ManagementChannelHandler.executeRequest(ManagementChannelHandler.java:110)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeRequest(AbstractModelControllerClient.java:263)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:168)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.executeForResult(AbstractModelControllerClient.java:147)
> at org.jboss.as.controller.client.impl.AbstractModelControllerClient.execute(AbstractModelControllerClient.java:80)
> {noformat}
> The stage of the test using HTTP Upgrade over a HTTPS connection appears to be working fine, the issue is with the native management interface used for test clean up.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years
[JBoss JIRA] (WFCORE-2521) TLS between domain and host controllers does not work
by Kabir Khan (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2521?page=com.atlassian.jira.plugi... ]
Kabir Khan updated WFCORE-2521:
-------------------------------
Fix Version/s: 3.0.0.Beta13
(was: 3.0.0.Beta12)
> TLS between domain and host controllers does not work
> -----------------------------------------------------
>
> Key: WFCORE-2521
> URL: https://issues.jboss.org/browse/WFCORE-2521
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: domain-management, domain-mode, eap71_alpha, regression, ssl
> Fix For: 3.0.0.Beta13
>
>
> This is regression against EAP 7.0 . Customers relying on this feature won't be able to migrate to EAP 7.1.
> Working configuration of TLS between domain and host controller from EAP 7.0 (legacy) does not work on EAP 7.1 anymore.
> In server log there is this error:
> {code:title=server.log}
> [Host Controller] Caused by: java.io.IOException: Client starting STARTTLS but channel doesn't support SSL
> [Host Controller] at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:527)
> [Host Controller] at org.jboss.remoting3.remote.ClientConnectionOpenListener$StartTls.handleEvent(ClientConnectionOpenListener.java:477)
> [Host Controller] at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> [Host Controller] at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
> [Host Controller] at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
> [Host Controller] at org.xnio.nio.WorkerThread.run(WorkerThread.java:567)
> [Host Controller] at ...asynchronous invocation...(Unknown Source)
> [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:466)
> [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:437)
> [Host Controller] at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:430)
> [Host Controller] at org.jboss.as.protocol.ProtocolConnectionUtils.connect(ProtocolConnectionUtils.java:163)
> [Host Controller] at org.jboss.as.protocol.ProtocolConnectionUtils.connectSync(ProtocolConnectionUtils.java:119)
> [Host Controller] ... 9 more
> {code}
> See attached server.log for context log.
> Tests in wildfly-core covering this scenario are currently ignored:
> * SSLMasterSlaveOneWayTestCase is ignored by WFCORE-1978
> * SSLMasterSlaveTwoWayTestCase is ignored by WFCORE-2068
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
7 years