[JBoss JIRA] (ELY-1071) Credential-store, User isn't able to use masked password from Wildfly-elytron-tool.
by Hynek Švábek (JIRA)
[ https://issues.jboss.org/browse/ELY-1071?page=com.atlassian.jira.plugin.s... ]
Hynek Švábek updated ELY-1071:
------------------------------
Description:
User isn't able to use masked password from Wildfly-elytron-tool.
When I generate masked password through tool from EAP7.1.0.DR15 it's worked!
I expect that I will be able to use masked string from actual version of wildfly-elytron-tool.
*How to reproduce*
{code}
java -jar wildfly-elytron-tool.jar mask -x secret_password -s 12345678 -i 230
MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230
{code}
{code}
[standalone@localhost:9990 /] /subsystem=elytron/credential-store=csmasked002:add(uri="cr-store://csmasked002.jceks?create=true", credential-reference={clear-text="MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230"})
{
"outcome" => "failed",
"failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.csmasked002" => "WFLYELY00004: Unable to start the service.
Caused by: java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded"}},
"rolled-back" => true
}
{code}
*NOTE:*
When I use in DR16 masked string from DR15 then it's working. And password in plain text is original one -> "secret_password".
was:
User isn't able to use masked password from Wildfly-elytron-tool.
When I generate masked password through tool from EAP7.1.0.DR15 it's worked!
I expect that I will be able to use masked string from actual version wildfly-elytron-tool.
*How to reproduce*
{code}
java -jar wildfly-elytron-tool.jar mask -x secret_password -s 12345678 -i 230
MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230
{code}
{code}
[standalone@localhost:9990 /] /subsystem=elytron/credential-store=csmasked002:add(uri="cr-store://csmasked002.jceks?create=true", credential-reference={clear-text="MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230"})
{
"outcome" => "failed",
"failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.csmasked002" => "WFLYELY00004: Unable to start the service.
Caused by: java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded"}},
"rolled-back" => true
}
{code}
*NOTE:*
When I use in DR16 masked string from DR15 then it's working. And password in plain text is original one -> "secret_password".
> Credential-store, User isn't able to use masked password from Wildfly-elytron-tool.
> -----------------------------------------------------------------------------------
>
> Key: ELY-1071
> URL: https://issues.jboss.org/browse/ELY-1071
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Hynek Švábek
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> User isn't able to use masked password from Wildfly-elytron-tool.
> When I generate masked password through tool from EAP7.1.0.DR15 it's worked!
> I expect that I will be able to use masked string from actual version of wildfly-elytron-tool.
> *How to reproduce*
> {code}
> java -jar wildfly-elytron-tool.jar mask -x secret_password -s 12345678 -i 230
> MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230
> {code}
> {code}
> [standalone@localhost:9990 /] /subsystem=elytron/credential-store=csmasked002:add(uri="cr-store://csmasked002.jceks?create=true", credential-reference={clear-text="MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230"})
> {
> "outcome" => "failed",
> "failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.csmasked002" => "WFLYELY00004: Unable to start the service.
> Caused by: java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded
> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded"}},
> "rolled-back" => true
> }
> {code}
> *NOTE:*
> When I use in DR16 masked string from DR15 then it's working. And password in plain text is original one -> "secret_password".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-1071) Credential-store, User isn't able to use masked password from Wildfly-elytron-tool.
by Hynek Švábek (JIRA)
Hynek Švábek created ELY-1071:
---------------------------------
Summary: Credential-store, User isn't able to use masked password from Wildfly-elytron-tool.
Key: ELY-1071
URL: https://issues.jboss.org/browse/ELY-1071
Project: WildFly Elytron
Issue Type: Bug
Reporter: Hynek Švábek
Assignee: Darran Lofthouse
Priority: Blocker
User isn't able to use masked password from Wildfly-elytron-tool.
When I generate masked password through tool from EAP7.1.0.DR15 it's worked!
I expect that I will be able to use masked string from EAP7.1.0.DR15 wildfly-elytron-tool.
{code}
java -jar wildfly-elytron-tool.jar mask -x secret_password -s 12345678 -i 230
MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230
{code}
{code}
[standalone@localhost:9990 /] /subsystem=elytron/credential-store=csmasked002:add(uri="cr-store://csmasked002.jceks?create=true", credential-reference={clear-text="MASK-1GhfMaq4jSY0.kFFU3QG4T;12345678;230"})
{
"outcome" => "failed",
"failure-description" => {"WFLYCTL0080: Failed services" => {"org.wildfly.security.credential-store.csmasked002" => "WFLYELY00004: Unable to start the service.
Caused by: java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded"}},
"rolled-back" => true
}
{code}
*NOTE:*
When I use in DR16 masked string from DR15 then it's working. And password in plain text is original one -> "secret_password".
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2647) Add an option to always send the client SSL certificate to LDAP server
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2647?page=com.atlassian.jira.plugi... ]
Darran Lofthouse commented on WFCORE-2647:
------------------------------------------
Actually in the older versions using the OperationStepHandler is an absolute requirement.
The system property is only a work around to compensate for being unable to make a management model change. If system property evaluation were to happen at runtime you then get a difference in behaviour between the correct approach of using the management model and the workaround approach of using the system property.
> Add an option to always send the client SSL certificate to LDAP server
> ----------------------------------------------------------------------
>
> Key: WFCORE-2647
> URL: https://issues.jboss.org/browse/WFCORE-2647
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Peter Palaga
> Assignee: Peter Palaga
>
> This is the component issue for https://issues.jboss.org/browse/JBEAP-4439 and https://bugzilla.redhat.com/show_bug.cgi?id=1327758
> The present code in {{LdapConnectionManagerService}} was designed so that the client cert is sent to authenticate the search account but during the username / password verification step, the client cert is not sent.
> The present objective is to add an option (that will default to the old behavior) to send the client password also during the username / password verification.
> This includes (citing [~dlofthouse]):
> * Implement management model based configuration and an implementation for the current version
> * Port back to older versions using a system property.
> * Forward port the system property to the current version for compatibility.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2647) Add an option to always send the client SSL certificate to LDAP server
by Peter Palaga (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2647?page=com.atlassian.jira.plugi... ]
Peter Palaga commented on WFCORE-2647:
--------------------------------------
bq. The system property should only be resolved within the OperationStepHandler - it should not be dynamically resolved at runtime.
+1 for the fix in the current version.
I suppose touching OperationStepHandler is not necessarily a requirement for older versions where we want only the sys prop without management model changes, right?
> Add an option to always send the client SSL certificate to LDAP server
> ----------------------------------------------------------------------
>
> Key: WFCORE-2647
> URL: https://issues.jboss.org/browse/WFCORE-2647
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Reporter: Peter Palaga
> Assignee: Peter Palaga
>
> This is the component issue for https://issues.jboss.org/browse/JBEAP-4439 and https://bugzilla.redhat.com/show_bug.cgi?id=1327758
> The present code in {{LdapConnectionManagerService}} was designed so that the client cert is sent to authenticate the search account but during the username / password verification step, the client cert is not sent.
> The present objective is to add an option (that will default to the old behavior) to send the client password also during the username / password verification.
> This includes (citing [~dlofthouse]):
> * Implement management model based configuration and an implementation for the current version
> * Port back to older versions using a system property.
> * Forward port the system property to the current version for compatibility.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-1070) Elytron, WWW-Authenticate Negotiate header is send although SPNEGO is misconfigured
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1070?page=com.atlassian.jira.plugin.s... ]
Martin Choma updated ELY-1070:
------------------------------
Attachment: kerberos_http_interface.pcap
> Elytron, WWW-Authenticate Negotiate header is send although SPNEGO is misconfigured
> -----------------------------------------------------------------------------------
>
> Key: ELY-1070
> URL: https://issues.jboss.org/browse/ELY-1070
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: kerberos
> Attachments: kerberos_http_interface.pcap
>
>
> If SPNEGO is misconfigured Negotiate header is still send back to client, although SPNEGO can't be used.
> {code}
> 13:19:20,861 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling AvailableRealmsCallback: realms = [fileSystemFallbackRealm]
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='CLIENT_CERT' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost.localdomain', protocol='http'.
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='DIGEST' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='DIGEST', hostName='localhost.localdomain', protocol='http'.
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost.localdomain', protocol='http'.
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Evaluating SPNEGO request: cached GSSContext = null
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Obtaining GSSCredential for the service from callback handler...
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) No valid cached credential, obtaining new one...
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using LoginContext and subject [Subject:
> ]
> 13:19:20,863 INFO [stdout] (management task-6) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab refreshKrb5Config is false principal is HTTP/wronghost(a)JBOSS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> 13:19:20,863 INFO [stdout] (management task-6) principal is HTTP/wronghost(a)JBOSS.ORG
> 13:19:20,863 INFO [stdout] (management task-6) Will use keytab
> 13:19:20,863 INFO [stdout] (management task-6) Commit Succeeded
> 13:19:20,863 INFO [stdout] (management task-6)
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using LoginContext and subject [Subject:
> Principal: HTTP/wronghost(a)JBOSS.ORG
> Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab for HTTP/wronghost(a)JBOSS.ORG
> ] succeed
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Creating GSSName for Principal 'HTTP/wronghost(a)JBOSS.ORG'
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Using SpnegoAuthenticationMechanism to authenticate HTTP/wronghost(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@4133c756]
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching GSSContext sun.security.jgss.GSSContextImpl@3adbbdae
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching KerberosTicket null
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Sent HTTP authorizations: [null]
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Request lacks valid authentication credentials
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost.localdomain' protocol='http'
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost.localdomain', protocol='http'.
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (ELY-1070) Elytron, WWW-Authenticate Negotiate header is send although SPNEGO is misconfigured
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1070?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse moved WFCORE-2649 to ELY-1070:
-----------------------------------------------
Project: WildFly Elytron (was: WildFly Core)
Key: ELY-1070 (was: WFCORE-2649)
Component/s: HTTP
(was: Security)
> Elytron, WWW-Authenticate Negotiate header is send although SPNEGO is misconfigured
> -----------------------------------------------------------------------------------
>
> Key: ELY-1070
> URL: https://issues.jboss.org/browse/ELY-1070
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Critical
> Labels: kerberos
>
> If SPNEGO is misconfigured Negotiate header is still send back to client, although SPNEGO can't be used.
> {code}
> 13:19:20,861 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling AvailableRealmsCallback: realms = [fileSystemFallbackRealm]
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='CLIENT_CERT' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost.localdomain', protocol='http'.
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='DIGEST' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='DIGEST', hostName='localhost.localdomain', protocol='http'.
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost.localdomain' protocol='http'
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost.localdomain', protocol='http'.
> 13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Evaluating SPNEGO request: cached GSSContext = null
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Obtaining GSSCredential for the service from callback handler...
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) No valid cached credential, obtaining new one...
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using LoginContext and subject [Subject:
> ]
> 13:19:20,863 INFO [stdout] (management task-6) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab refreshKrb5Config is false principal is HTTP/wronghost(a)JBOSS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
> 13:19:20,863 INFO [stdout] (management task-6) principal is HTTP/wronghost(a)JBOSS.ORG
> 13:19:20,863 INFO [stdout] (management task-6) Will use keytab
> 13:19:20,863 INFO [stdout] (management task-6) Commit Succeeded
> 13:19:20,863 INFO [stdout] (management task-6)
> 13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using LoginContext and subject [Subject:
> Principal: HTTP/wronghost(a)JBOSS.ORG
> Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab for HTTP/wronghost(a)JBOSS.ORG
> ] succeed
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Creating GSSName for Principal 'HTTP/wronghost(a)JBOSS.ORG'
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Using SpnegoAuthenticationMechanism to authenticate HTTP/wronghost(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@4133c756]
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching GSSContext sun.security.jgss.GSSContextImpl@3adbbdae
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching KerberosTicket null
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Sent HTTP authorizations: [null]
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Request lacks valid authentication credentials
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost.localdomain' protocol='http'
> 13:19:20,864 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost.localdomain', protocol='http'.
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months
[JBoss JIRA] (WFCORE-2649) Elytron, WWW-Authenticate Negotiate header is send although SPNEGO is misconfigured
by Martin Choma (JIRA)
Martin Choma created WFCORE-2649:
------------------------------------
Summary: Elytron, WWW-Authenticate Negotiate header is send although SPNEGO is misconfigured
Key: WFCORE-2649
URL: https://issues.jboss.org/browse/WFCORE-2649
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
If SPNEGO is misconfigured Negotiate header is still send back to client, although SPNEGO can't be used.
{code}
13:19:20,861 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='BASIC' host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling AvailableRealmsCallback: realms = [fileSystemFallbackRealm]
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='CLIENT_CERT' host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='CLIENT_CERT', hostName='localhost.localdomain', protocol='http'.
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='DIGEST' host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='DIGEST', hostName='localhost.localdomain', protocol='http'.
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='FORM' host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='FORM', hostName='localhost.localdomain', protocol='http'.
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Evaluating SPNEGO request: cached GSSContext = null
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Obtaining GSSCredential for the service from callback handler...
13:19:20,863 TRACE [org.wildfly.security] (management task-6) No valid cached credential, obtaining new one...
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using LoginContext and subject [Subject:
]
13:19:20,863 INFO [stdout] (management task-6) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab refreshKrb5Config is false principal is HTTP/wronghost(a)JBOSS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
13:19:20,863 INFO [stdout] (management task-6) principal is HTTP/wronghost(a)JBOSS.ORG
13:19:20,863 INFO [stdout] (management task-6) Will use keytab
13:19:20,863 INFO [stdout] (management task-6) Commit Succeeded
13:19:20,863 INFO [stdout] (management task-6)
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using LoginContext and subject [Subject:
Principal: HTTP/wronghost(a)JBOSS.ORG
Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab for HTTP/wronghost(a)JBOSS.ORG
] succeed
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Creating GSSName for Principal 'HTTP/wronghost(a)JBOSS.ORG'
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Using SpnegoAuthenticationMechanism to authenticate HTTP/wronghost(a)JBOSS.ORG using the following mechanisms: [[Lorg.ietf.jgss.Oid;@4133c756]
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching GSSContext sun.security.jgss.GSSContextImpl@3adbbdae
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching KerberosTicket null
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Sent HTTP authorizations: [null]
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Request lacks valid authentication credentials
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost.localdomain' protocol='http'
13:19:20,864 TRACE [org.wildfly.security] (management task-6) java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for mechanismType='HTTP', mechanismName='BEARER_TOKEN', hostName='localhost.localdomain', protocol='http'.
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
9 years, 3 months