August 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-633) No log messages comming from Elytron - password verification

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-633?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-633: ------------------------------------ Assignee: (was: Darran Lofthouse) > No log messages comming from Elytron - password verification > ------------------------------------------------------------ > > Key: ELY-633 > URL: https://issues.jboss.org/browse/ELY-633 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta9 > Reporter: Ondrej Lukas > > Elytron is missing any log messages related to password verification. These log messages should be added. See JBEAP-6041 for more details. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-652) There isn't possibility set entry-type for new entry in Credential Store.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-652?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-652: ------------------------------------ Assignee: (was: Peter Skopek) > There isn't possibility set entry-type for new entry in Credential Store. > ------------------------------------------------------------------------- > > Key: ELY-652 > URL: https://issues.jboss.org/browse/ELY-652 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > Priority: Critical > > There isn't possibility set entry-type for new entry in Credential Store > This CLI command > {code} > /subsystem=elytron/credential-store=testCS/alias=aliasEntryType:add(secret-value=secretVALUE, entry-type=org.wildfly.security.credential.PasswordCredential) > {code} > ends with > {code} > { > "outcome" => "failed", > "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.IllegalArgumentException: WFLYELY00909: Credential store 'testCS' does not support given credential store entry type 'org.wildfly.security.credential.PasswordCredential'", > "rolled-back" => true > } > {code} > *Server log:* > {code} > 10:30:39,074 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 18) WFLYCTL0013: Operation ("add") failed - address: ([ > ("subsystem" => "elytron"), > ("credential-store" => "testCS"), > ("alias" => "aliasEntryType") > ]): java.lang.IllegalArgumentException: WFLYELY00909: Credential store 'testCS' does not support given credential store entry type 'org.wildfly.security.credential.PasswordCredential' > at org.wildfly.extension.elytron.CredentialStoreAliasDefinition$AddHandler.performRuntime(CredentialStoreAliasDefinition.java:166) > at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:151) > at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:940) > at org.jboss.as.controller.AbstractOperationContext.processStages(AbstractOperationContext.java:683) > at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:382) > at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1363) > at org.jboss.as.controller.ModelControllerImpl.internalExecute(ModelControllerImpl.java:410) > at org.jboss.as.controller.ModelControllerImpl.execute(ModelControllerImpl.java:232) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.doExecute(ModelControllerClientOperationHandler.java:213) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler.access$300(ModelControllerClientOperationHandler.java:136) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:157) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1$1.run(ModelControllerClientOperationHandler.java:153) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Subject.java:422) > at org.jboss.as.controller.AccessAuditContext.doAs(AccessAuditContext.java:149) > at org.jboss.as.controller.remote.ModelControllerClientOperationHandler$ExecuteRequestHandler$1.execute(ModelControllerClientOperationHandler.java:153) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$1.doExecute(ManagementRequestContextImpl.java:70) > at org.jboss.as.protocol.mgmt.ManagementRequestContextImpl$AsyncTaskRunner.run(ManagementRequestContextImpl.java:160) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > at org.jboss.threads.JBossThread.run(JBossThread.java:320) > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-825) Additional Principal types

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-825?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-825: ------------------------------------ Assignee: (was: David Lloyd) > Additional Principal types > -------------------------- > > Key: ELY-825 > URL: https://issues.jboss.org/browse/ELY-825 > Project: WildFly Elytron > Issue Type: Feature Request > Components: API / SPI > Reporter: David Lloyd > > Add some additional principal types, which can be used with realms to locate specific identities for the purpose of self-service. > Make realm implementations return useful principal values in their getPrincipal() methods which can be used for this purpose. > Make the authentication context code recognize special principals that can be used to load an identity directly from a target realm. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-283) Investigate Elytron and gssproxy interoperability

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-283?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-283: ------------------------------------ Assignee: (was: Peter Skopek) > Investigate Elytron and gssproxy interoperability > ------------------------------------------------- > > Key: ELY-283 > URL: https://issues.jboss.org/browse/ELY-283 > Project: WildFly Elytron > Issue Type: Task > Components: SASL > Reporter: Peter Skopek > Fix For: 2.0.0.Alpha1 > > > Investigate Elytron and gssproxy interoperability. > https://fedorahosted.org/gss-proxy/ -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-386) Unable to create HTTPS connection when some opnessl cipher suite with DHE are used

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-386?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-386: ------------------------------------ Assignee: (was: Darran Lofthouse) > Unable to create HTTPS connection when some opnessl cipher suite with DHE are used > ---------------------------------------------------------------------------------- > > Key: ELY-386 > URL: https://issues.jboss.org/browse/ELY-386 > Project: WildFly Elytron > Issue Type: Bug > Components: SSL > Affects Versions: 1.0.2.Final > Environment: Oracle java 1.8.0_66 > Reporter: Martin Choma > > Can't configure OpenSSL cipher suites EXP-DHE-RSA-DES-CBC-SHA, DHE-RSA-DES-CBC-SHA, DHE-RSA-DES-CBC3-SHA, EXP-DHE-DSS-DES-CBC-SHA, DHE-DSS-CBC-SHA, DHE-DSS-DES-CBC3-SHA [1] for HTTPS connection. Seems like everlasting problem DHE vs. EDH [2] - these cipher suites don't work neither in EAP6. IMHO problem is in MechanismDatabase.properties, where these DHE cipher suite are mapped to openssl EDH cipher suite what contradict openssl documentation [1]: > {code} > SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = alias:TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA > SSL_DHE_RSA_WITH_DES_CBC_SHA = alias:TLS_DHE_RSA_WITH_DES_CBC_SHA > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = alias:TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = EXP-EDH-RSA-DES-CBC-SHA,DHE,RSA,DES,SHA1,SSLv3,true,EXP40,false,40,56 > TLS_DHE_RSA_WITH_DES_CBC_SHA = EDH-RSA-DES-CBC-SHA,DHE,RSA,DES,SHA1,SSLv3,false,LOW,false,56,56 > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = EDH-RSA-DES-CBC3-SHA,DHE,RSA,3DES,SHA1,SSLv3,false,HIGH,true,168,168 > SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = EXP-EDH-DSS-DES-CBC-SHA,DHE,DSS,DES,SHA1,SSLv3,true,EXP40,false,40,56 > SSL_DHE_DSS_WITH_DES_CBC_SHA = EDH-DSS-DES-CBC-SHA,DHE,DSS,DES,SHA1,SSLv3,false,LOW,false,56,56 > SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = EDH-DSS-DES-CBC3-SHA,DHE,DSS,3DES,SHA1,SSLv3,false,HIGH,true,168,168 > {code} > Note that MechanismDatabase.properties is inconsistent in mapping DHE cipher suites to openssl cipher suites, as there also exist couple of them which map DHE to DHE, for example > {code} > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = DHE-RSA-AES128-SHA256,DHE,RSA,AES128,SHA256,TLSv1.2,false,HIGH,true,128,128 > TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = DHE-RSA-AES256-SHA256,DHE,RSA,AES256,SHA256,TLSv1.2,false,HIGH,true,256,256 > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = DHE-RSA-AES128-GCM-SHA256,DHE,RSA,AES128GCM,AEAD,TLSv1.2,false,HIGH,true,128,128 > TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = DHE-RSA-AES256-GCM-SHA384,DHE,RSA,AES256GCM,AEAD,TLSv1.2,false,HIGH,true,256,256 > {code} > In MechanismDatabase.properties is also said that > ??Note that all EDH ciphers automatically get a DHE OpenSSL-style alias (and vice-versa)?? > I think this JIRA contradict this comment. > Last thing, based on [1] shouldn't be SSL_DHE_DSS_WITH_DES_CBC_SHA defined as > SSL_DHE_DSS_WITH_DES_CBC_SHA = DHE-DSS-CBC-SHA,DHE,DSS,DES,SHA1,SSLv3,false,LOW,false,56,56 > ? > [1] https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-SUITE-NAMES > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1123304 -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-890) Please remove CredentialStore name from CredentialStore URI attribute.

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-890?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-890: ------------------------------------ Assignee: (was: Peter Skopek) > Please remove CredentialStore name from CredentialStore URI attribute. > ---------------------------------------------------------------------- > > Key: ELY-890 > URL: https://issues.jboss.org/browse/ELY-890 > Project: WildFly Elytron > Issue Type: Bug > Components: Credential Store > Reporter: Hynek Švábek > > Please remove CredentialStore name from CredentialStore URI attribute. > {code} > cr-store://testName/cs002.jceks > {code} > The name (testName) from URI atrribute is used only in parser for this URI. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-855) Add ability to merge AuthenticationConfigurations

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-855?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-855: ------------------------------------ Assignee: (was: David Lloyd) > Add ability to merge AuthenticationConfigurations > ------------------------------------------------- > > Key: ELY-855 > URL: https://issues.jboss.org/browse/ELY-855 > Project: WildFly Elytron > Issue Type: Task > Components: Authentication Client > Reporter: David Lloyd > Priority: Critical > > We need a "with" method on AuthenticationConfiguration which appends one configuration to another. This allows for fallback defaults. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-722) Move callback handler interactions to a common base class for HTTP mechanisms, .

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-722?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-722: ------------------------------------ Assignee: (was: Darran Lofthouse) > Move callback handler interactions to a common base class for HTTP mechanisms,. > ------------------------------------------------------------------------------- > > Key: ELY-722 > URL: https://issues.jboss.org/browse/ELY-722 > Project: WildFly Elytron > Issue Type: Enhancement > Components: HTTP > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta1 > > > This is to follow a similar pattern as is used for the SASL mechanisms. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-949) Add a mechanism to assign priorities to audit events

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-949?page=com.atlassian.jira.plugin.sy... ] Darran Lofthouse reassigned ELY-949: ------------------------------------ Assignee: (was: Darran Lofthouse) > Add a mechanism to assign priorities to audit events > ---------------------------------------------------- > > Key: ELY-949 > URL: https://issues.jboss.org/browse/ELY-949 > Project: WildFly Elytron > Issue Type: Task > Components: Audit > Reporter: Darran Lofthouse > Fix For: 1.2.0.Beta1 > > > We probably want something like MatchRule but also need to think about how it will be configured. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

[JBoss JIRA] (ELY-1261) Revisit credentials key-store-reference and certificate from Elytron client configuration file

by Darran Lofthouse (JIRA)

[ https://issues.jboss.org/browse/ELY-1261?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse reassigned ELY-1261: ------------------------------------- Assignee: (was: Darran Lofthouse) > Revisit credentials key-store-reference and certificate from Elytron client configuration file > ---------------------------------------------------------------------------------------------- > > Key: ELY-1261 > URL: https://issues.jboss.org/browse/ELY-1261 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.1.0.Beta52 > Reporter: Ondrej Lukas > Priority: Critical > > It seems that only supported SASL mechanism in Elytron which is able to work with key/certificate is {{EXTERNAL}} mechanism. However this mechanism takes this information from SSL connection which means that credentials defined in {{configuration.authentication-client.authentication-configurations.configuration.credentials.key-store-reference}} or {{configuration.authentication-client.authentication-configurations.configuration.credentials.certificate}} from Elytron client configuration file are not used in this case. > Is there any Elytron supported SASL mechanism which is currently able to work with these credentials? In this case please provide configuration and SASL mechanism which is able to work with {{key-store-reference}} and {{certificate}} credentials. > Otherwise these {{key-store-reference}} and {{certificate}} should be removed from Elytron client configuration because they currently cannot be used by users (or tested by QA). They can be added to configuration again once Elytron will support mechanism which is able to work with key/certificate as credentials. This is basically the similar issue as ELY-1257. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

8 years, 8 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira August 2017