[JBoss JIRA] (ELY-630) Elytron - aggregate-role-mapper can contain multi reference to one role mapper
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-630?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-630:
------------------------------------
Assignee: (was: Darran Lofthouse)
> Elytron - aggregate-role-mapper can contain multi reference to one role mapper
> ------------------------------------------------------------------------------
>
> Key: ELY-630
> URL: https://issues.jboss.org/browse/ELY-630
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Hynek Švábek
> Priority: Minor
>
> Aggregate-role-mapper can contain multiple references to one role mapper.
> In my opinion it isn't a valid state.
> But there is some probability that it is required behaviour.
> Can you have a look at it?
> Configuration snippet:
> {code}
> <subsystem xmlns="urn:wildfly:elytron:1.0">
> <mappers>
> <add-prefix-role-mapper name="CreaperTestAddPrefixRoleMapper" prefix="somePrefix"/>
> <aggregate-role-mapper name="CreaperTestAggregateRoleMapper">
> <role-mapper name="CreaperTestAddPrefixRoleMapper"/>
> <role-mapper name="CreaperTestAddPrefixRoleMapper"/>
> </aggregate-role-mapper>
> </mappers>
> </subsystem>
> {code}
> *Actual results:*
> Aggregate-role-mapper can contain multiple references to one role-mapper.
> *Expected results:*
> You would not be able to define multiple references to one role-mapper in an aggregate-role-mapper.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
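A small configuration lint for the condition reported in ELY-630, added here as an example (it is not Elytron's own validation code): it parses the reporter's subsystem snippet and reports an aggregate-role-mapper that references the same role-mapper more than once, and, going one step further than the report, a reference to a role-mapper that is not defined under `<mappers>`. The snippet is a constructed copy of the one in the issue.

```python
# Added example, not WildFly Elytron code: lint <aggregate-role-mapper> references
# in an urn:wildfly:elytron:1.0 subsystem fragment for duplicate and dangling names.
import xml.etree.ElementTree as ET
from collections import Counter

NS = "urn:wildfly:elytron:1.0"

# Constructed copy of the configuration snippet from ELY-630.
SNIPPET = """<subsystem xmlns="urn:wildfly:elytron:1.0">
  <mappers>
    <add-prefix-role-mapper name="CreaperTestAddPrefixRoleMapper" prefix="somePrefix"/>
    <aggregate-role-mapper name="CreaperTestAggregateRoleMapper">
      <role-mapper name="CreaperTestAddPrefixRoleMapper"/>
      <role-mapper name="CreaperTestAddPrefixRoleMapper"/>
    </aggregate-role-mapper>
  </mappers>
</subsystem>"""


def lint_aggregate_role_mappers(xml_text: str) -> list[str]:
    """Return one finding per duplicate or undefined <role-mapper> reference."""
    root = ET.fromstring(xml_text)
    mappers = root.find(f"{{{NS}}}mappers")
    if mappers is None:
        return []
    # Every direct child of <mappers> carrying a name attribute defines a mapper.
    defined = {m.get("name") for m in mappers if m.get("name")}
    findings = []
    for agg in mappers.findall(f"{{{NS}}}aggregate-role-mapper"):
        agg_name = agg.get("name")
        refs = [rm.get("name") for rm in agg.findall(f"{{{NS}}}role-mapper")]
        # Duplicate references: the state the issue says should be rejected.
        for ref, count in Counter(refs).items():
            if count > 1:
                findings.append(f"{agg_name}: role-mapper '{ref}' referenced {count} times")
        # Dangling references: a name no mapper under <mappers> defines.
        for ref in dict.fromkeys(refs):  # unique, in document order
            if ref not in defined:
                findings.append(f"{agg_name}: role-mapper '{ref}' is not defined")
    return findings


if __name__ == "__main__":
    for finding in lint_aggregate_role_mappers(SNIPPET):
        print(finding)
```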
[JBoss JIRA] (ELY-1160) Elytron, SASL digest mechanism works only with MD5 hash function
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1160?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse reassigned ELY-1160:
-------------------------------------
Assignee: (was: Darran Lofthouse)
> Elytron, SASL digest mechanism works only with MD5 hash function
> ----------------------------------------------------------------
>
> Key: ELY-1160
> URL: https://issues.jboss.org/browse/ELY-1160
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Martin Choma
> Priority: Critical
>
> The Elytron SASL mechanism works only with MD5. When trying to use one of DIGEST-SHA, DIGEST-SHA-256, DIGEST-SHA-512 I get
> {code}
> ELY05055: [DIGEST-SHA-256] Authentication rejected (invalid proof)
> {code}
> I know these mechanisms are marked as tech preview [2], but they should work.
> The DIGEST hash function can cause problems in a FIPS environment, like this customer case [1] in the case of the HTTP DIGEST mechanism.
> {code:title=server.log}
> 10:56:26,243 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Initialized connection from /127.0.0.1:39291 to /127.0.0.1:9990 with options {org.jboss.remoting3.RemotingOptions.SASL_PROTOCOL=>remote}
> 10:56:26,244 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Accepted connection from /127.0.0.1:39291 to localhost.localdomain/127.0.0.1:9990
> 10:56:26,250 TRACE [org.jboss.remoting.remote] (management I/O-2) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@63e189b6
> 10:56:26,252 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 28 bytes
> 10:56:26,252 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 10:56:26,261 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 10:56:26,262 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 10:56:26,262 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 59 bytes
> 10:56:26,262 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192]
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192]
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capabilities request
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: version 1
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote endpoint name "cli-client"
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: message close protocol supported
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote version is "5.0.0.Beta22-redhat-1"
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels in is "40"
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels out is "40"
> 10:56:26,263 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: authentication service
> 10:56:26,264 TRACE [org.jboss.remoting.remote.server] (management I/O-2) No EXTERNAL mechanism due to lack of SSL
> 10:56:26,269 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Added mechanism DIGEST-SHA-256
> 10:56:26,269 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 85 bytes
> 10:56:26,269 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 10:56:26,384 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 10:56:26,384 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 10:56:26,384 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 20 bytes
> 10:56:26,385 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=16 cap=8192]
> 10:56:26,385 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=16 cap=8192]
> 10:56:26,385 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received authentication request
> 10:56:26,391 TRACE [org.wildfly.security] (management I/O-2) Handling MechanismInformationCallback type='SASL' name='DIGEST-SHA-256' host-name='localhost.localdomain' protocol='remote'
> 10:56:26,392 TRACE [org.wildfly.security] (management I/O-2) Handling MechanismInformationCallback type='SASL' name='DIGEST-SHA-256' host-name='localhost.localdomain' protocol='remote'
> 10:56:26,393 TRACE [org.wildfly.security] (management I/O-2) Handling AvailableRealmsCallback: realms = [ManagementRealm]
> 10:56:26,454 TRACE [org.jboss.remoting.endpoint] (management I/O-2) Allocated tick to 8 of endpoint "localhost:MANAGEMENT" <1f0d26e2> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@55587716)
> 10:56:26,460 TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication challenge
> 10:56:26,461 TRACE [org.jboss.remoting.remote] (management task-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Authentication@5a85277e
> 10:56:26,461 TRACE [org.jboss.remoting.endpoint] (management task-1) Resource closed count 00000007 of endpoint "localhost:MANAGEMENT" <1f0d26e2> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@55587716)
> 10:56:26,461 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 118 bytes
> 10:56:26,462 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 10:56:29,472 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 10:56:29,473 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 10:56:29,473 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 324 bytes
> 10:56:29,473 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=320 cap=8192]
> 10:56:29,473 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=320 cap=8192]
> 10:56:29,473 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received authentication response
> 10:56:29,473 TRACE [org.jboss.remoting.endpoint] (management I/O-2) Allocated tick to 8 of endpoint "localhost:MANAGEMENT" <1f0d26e2> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@55587716)
> 10:56:29,475 TRACE [org.wildfly.security] (management task-2) Handling RealmCallback: selected = [ManagementRealm]
> 10:56:29,475 TRACE [org.wildfly.security] (management task-2) Handling NameCallback: authenticationName = admin
> 10:56:29,476 TRACE [org.wildfly.security] (management task-2) Principal assigning: [admin], pre-realm rewritten: [admin], realm name: [ManagementRealm], post-realm rewritten: [admin], realm rewritten: [admin]
> 10:56:29,478 TRACE [org.wildfly.security] (management task-2) Handling CredentialCallback: failed to obtain credential
> 10:56:29,478 TRACE [org.wildfly.security] (management task-2) Handling RealmCallback: selected = [ManagementRealm]
> 10:56:29,478 TRACE [org.wildfly.security] (management task-2) Handling NameCallback: authenticationName = admin
> 10:56:29,483 TRACE [org.wildfly.security] (management task-2) Handling CredentialCallback: obtained credential: org.wildfly.security.credential.PasswordCredential@7917c4d1
> 10:56:29,485 TRACE [org.jboss.remoting.remote.server] (management task-2) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05055: [DIGEST-SHA-256] Authentication rejected (invalid proof)
> at org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:279)
> at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:355)
> at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
> at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:328)
> at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
> at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
> at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
> at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
> at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
> at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:470)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:897)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> 10:56:29,486 TRACE [org.wildfly.security] (management task-2) Handling AuthenticationCompleteCallback: fail
> 10:56:29,498 TRACE [org.jboss.remoting.remote] (management task-2) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@3770546b
> 10:56:29,498 TRACE [org.jboss.remoting.endpoint] (management task-2) Resource closed count 00000007 of endpoint "localhost:MANAGEMENT" <1f0d26e2> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@55587716)
> 10:56:29,499 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 5 bytes
> 10:56:29,499 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 10:56:29,499 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 10:56:29,499 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 10:56:29,500 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received 59 bytes
> 10:56:29,500 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received message java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192]
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Received java.nio.HeapByteBuffer[pos=0 lim=55 cap=8192]
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capabilities request
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: version 1
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote endpoint name "cli-client"
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: message close protocol supported
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote version is "5.0.0.Beta22-redhat-1"
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels in is "40"
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: remote channels out is "40"
> 10:56:29,500 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Server received capability: authentication service
> 10:56:29,501 TRACE [org.jboss.remoting.remote.server] (management I/O-2) No EXTERNAL mechanism due to lack of SSL
> 10:56:29,502 TRACE [org.jboss.remoting.remote.server] (management I/O-2) Added mechanism DIGEST-SHA-256
> 10:56:29,502 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Sent 85 bytes
> 10:56:29,502 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Flushed channel
> 10:56:29,503 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) No buffers in queue for message header
> 10:56:29,503 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Allocated fresh buffers
> 10:56:29,503 TRACE [org.jboss.remoting.remote.connection] (management I/O-2) Received EOF
> 10:56:29,503 TRACE [org.jboss.remoting.remote] (management I/O-2) Received connection end-of-stream
> {code}
> [1] https://access.redhat.com/support/cases/#/case/01761455
> [2] https://docs.google.com/document/d/1JelV424cHI1cr1BSH2MCXDAUlorGGJGca7uwZ...
[JBoss JIRA] (ELY-1174) set-authorization-name does not work with set-anonymous for Elytron client
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1174?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse reassigned ELY-1174:
-------------------------------------
Assignee: (was: Darran Lofthouse)
> set-authorization-name does not work with set-anonymous for Elytron client
> --------------------------------------------------------------------------
>
> Key: ELY-1174
> URL: https://issues.jboss.org/browse/ELY-1174
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Ondrej Lukas
> Priority: Critical
>
> When {{set-anonymous}} is configured for the authentication-configuration of an Elytron client configuration file and this configuration includes {{set-authorization-name}}, then the authorization identity has the name {{anonymous}}. The value of {{set-authorization-name}} should be used for the authorization identity.
> In case the element {{set-anonymous}} is changed to {{set-user-name}}, it works as expected (the authorization identity is assigned based on {{set-authorization-name}}).