May 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFCORE-2872) Upgrade JBoss Remoting to 5.0.0.Beta24

by David Lloyd (JIRA)

David Lloyd created WFCORE-2872: ----------------------------------- Summary: Upgrade JBoss Remoting to 5.0.0.Beta24 Key: WFCORE-2872 URL: https://issues.jboss.org/browse/WFCORE-2872 Project: WildFly Core Issue Type: Component Upgrade Reporter: David Lloyd Assignee: David Lloyd Fix For: 3.0.0.Beta23 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-1196) PrivilegedSaslClientFactory does not construct the delegate client under the privileged block

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1196?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1196: ---------------------------------- Fix Version/s: 1.1.0.Beta48 (was: 1.1.0.Beta47) > PrivilegedSaslClientFactory does not construct the delegate client under the privileged block > --------------------------------------------------------------------------------------------- > > Key: ELY-1196 > URL: https://issues.jboss.org/browse/ELY-1196 > Project: WildFly Elytron > Issue Type: Bug > Components: SASL > Reporter: David Lloyd > Assignee: David Lloyd > Fix For: 1.1.0.Beta48 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-1191) Undertow CLIENT_CERT via Elytron and HTTP/2 does not work

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1191?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1191: ---------------------------------- Fix Version/s: 1.1.0.Beta48 (was: 1.1.0.Beta47) > Undertow CLIENT_CERT via Elytron and HTTP/2 does not work > --------------------------------------------------------- > > Key: ELY-1191 > URL: https://issues.jboss.org/browse/ELY-1191 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Stuart Douglas > Assignee: Stuart Douglas > Priority: Blocker > Fix For: 1.1.0.Beta48 > > > When I setup CLIENT_CERT authentication for an application (see Steps to Reproduce) and utilize HTTP/2 protocol, I get always 403 Forbidden even in case I use correct client certificate that should allow me access to a secured content. > I can see following TRACE messages in server.log: > {code} > 2017-05-23 10:58:31,110 TRACE [org.wildfly.security] (default task-7) X500 principal [CN=client] decoded as name [client] (attribute values: [client]) > 2017-05-23 10:58:31,110 TRACE [org.wildfly.security] (default task-7) Principal assigning: [CN=client], pre-realm rewritten: [client], realm name: [ksRealm], post-realm rewritten: [client], realm rewritten: [client] > 2017-05-23 10:58:31,110 TRACE [org.wildfly.security] (default task-7) Role mapping: principal [client] -> decoded roles [] -> realm mapped roles [] -> domain mapped roles [gooduser] > 2017-05-23 10:58:31,110 TRACE [org.wildfly.security] (default task-7) Authorizing principal client. > 2017-05-23 10:58:31,110 TRACE [org.wildfly.security] (default task-7) Authorizing against the following attributes: [] => [] > 2017-05-23 10:58:31,111 TRACE [org.wildfly.security] (default task-7) Permission mapping: identity [client] with roles [gooduser] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true > 2017-05-23 10:58:31,111 TRACE [org.wildfly.security] (default task-7) Authorization succeed > 2017-05-23 10:58:31,111 TRACE [org.wildfly.security] (default task-7) Authentication succeed for principal [CN=client] > 2017-05-23 10:58:31,117 TRACE [org.wildfly.security] (default task-10) Handling MechanismInformationCallback type='HTTP' name='CLIENT_CERT' host-name='localhost' protocol='https' > 2017-05-23 10:58:31,117 TRACE [org.wildfly.security] (default task-10) CLIENT-CERT no SSL session > {code} > Authentication seems that it succeed just fine. But notice the last line - {{CLIENT-CERT no SSL session}}. > When I disable 'http2' in https-listener: > {code} > /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=enable-http2,value=false) > reload > {code} > I can now access secured content as expected. Also trace log contains different (more healthy) messages now. > This happens both when I utilize HTTP/2 with EAP 'alpn-hack' mechanism and also with ALPN provided by OpenSSL library. > As described in JBEAP-9803, Undertow needs to write into ssl-context when HTTP/2 with ALPN is utilized. Maybe this might be the source of this problem? -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-1201) Release WildFly Elytron 1.1.0.Beta47

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1201?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1201. ----------------------------------- Resolution: Done > Release WildFly Elytron 1.1.0.Beta47 > ------------------------------------ > > Key: ELY-1201 > URL: https://issues.jboss.org/browse/ELY-1201 > Project: WildFly Elytron > Issue Type: Release > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Fix For: 1.1.0.Beta47 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2871) Upgrade WildFly Elytron to 1.1.0.Beta47

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2871?page=com.atlassian.jira.plugi... ] Darran Lofthouse moved JBEAP-11131 to WFCORE-2871: -------------------------------------------------- Project: WildFly Core (was: JBoss Enterprise Application Platform) Key: WFCORE-2871 (was: JBEAP-11131) Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1) Component/s: Security (was: Security) > Upgrade WildFly Elytron to 1.1.0.Beta47 > --------------------------------------- > > Key: WFCORE-2871 > URL: https://issues.jboss.org/browse/WFCORE-2871 > Project: WildFly Core > Issue Type: Component Upgrade > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta23 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFCORE-2871) Upgrade WildFly Elytron to 1.1.0.Beta47

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/WFCORE-2871?page=com.atlassian.jira.plugi... ] Darran Lofthouse updated WFCORE-2871: ------------------------------------- Fix Version/s: 3.0.0.Beta23 > Upgrade WildFly Elytron to 1.1.0.Beta47 > --------------------------------------- > > Key: WFCORE-2871 > URL: https://issues.jboss.org/browse/WFCORE-2871 > Project: WildFly Core > Issue Type: Component Upgrade > Components: Security > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Blocker > Fix For: 3.0.0.Beta23 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-1201) Release WildFly Elytron 1.1.0.Beta47

by Darran Lofthouse (JIRA)

Darran Lofthouse created ELY-1201: ------------------------------------- Summary: Release WildFly Elytron 1.1.0.Beta47 Key: ELY-1201 URL: https://issues.jboss.org/browse/ELY-1201 Project: WildFly Elytron Issue Type: Release Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 1.1.0.Beta47 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-1197) Update GSSAPI Client SASL mech to use CallbackHandler to obtain GSSCredential

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1197?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1197. ----------------------------------- Resolution: Done > Update GSSAPI Client SASL mech to use CallbackHandler to obtain GSSCredential > ----------------------------------------------------------------------------- > > Key: ELY-1197 > URL: https://issues.jboss.org/browse/ELY-1197 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Critical > Fix For: 1.1.0.Beta47 > > -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (ELY-1185) Only the last mechanism selector is used in Elytron client configuration

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1185?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1185: ------------------------------------- Assignee: Chao Wang (was: Darran Lofthouse) > Only the last mechanism selector is used in Elytron client configuration > ------------------------------------------------------------------------ > > Key: ELY-1185 > URL: https://issues.jboss.org/browse/ELY-1185 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta42 > Reporter: Ondrej Lukas > Assignee: Chao Wang > Priority: Critical > > When Elytron client configuration file includes {{sasl-mechanism-selector}} with string which contains more mechanisms then only the last mentioned mechanism is used. In correct behavior it should use all given mechanisms in given order, see [1]. > In case when the last given mechanism is supported by server then it tries to authenticate, otherwise no mechanism is used to attempt to authenticate. > For example, following element for selector can be used in Elytron client configuration file: > {code} > <sasl-mechanism-selector selector="PLAIN DIGEST-MD5 ANONYMOUS JBOSS-LOCAL-USER"/> > {code} > When only {{DIGEST-MD5}} is supported by server then it works only if {{DIGEST-MD5}} is the last mechanism in selector string. > [1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=c... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

[JBoss JIRA] (WFLY-8839) AUTH protocol should obtain X509 certificate from an Elytron capability

by Paul Ferraro (JIRA)

Paul Ferraro created WFLY-8839: ---------------------------------- Summary: AUTH protocol should obtain X509 certificate from an Elytron capability Key: WFLY-8839 URL: https://issues.jboss.org/browse/WFLY-8839 Project: WildFly Issue Type: Feature Request Components: Clustering, Security Affects Versions: 10.1.0.Final Reporter: Paul Ferraro Assignee: Paul Ferraro -- This message was sent by Atlassian JIRA (v7.2.3#72005)

7 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira May 2017