[JBoss JIRA] (ELY-613) Some nested classes should be considered to be static nested in Elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-613?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-613:
------------------------------------
Assignee: (was: Darran Lofthouse)
> Some nested classes should be considered to be static nested in Elytron
> -----------------------------------------------------------------------
>
> Key: ELY-613
> URL: https://issues.jboss.org/browse/ELY-613
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta7
> Reporter: Ondrej Lukas
> Labels: static_analysis
> Fix For: 1.2.0.Beta1
>
>
> There are some inner classes in Elytron which should be considered to be static nested to avoid dependency on their outer class. The following nested classes should be considered:
> * LoadedIdentity and Identity from org.wildfly.security.auth.realm.FileSystemSecurityRealm
> * DecoderState from org.wildfly.security.asn1.DERDecoder
> * AccountEntry from org.wildfly.security.auth.realm.LegacyPropertiesSecurityRealm
> * JaasAuthorizationIdentity and DefaultCallbackHandler from org.wildfly.security.auth.realm.JaasSecurityRealm
> * LoadKey from org.wildfly.security.keystore.AtomicLoadKeyStore
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
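The distinction ELY-613 refers to, as an added example that is not Elytron code (Realm, InnerEntry and StaticEntry are hypothetical names): a non-static inner class can only be created through an instance of its outer class, while a static nested class carries no such tie. The reflective checks report what the compiled classes actually contain.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;

// Added illustration. Realm, InnerEntry and StaticEntry are hypothetical names,
// not classes from WildFly Elytron.
public class NestedClassDemo {

    static class Realm {
        // Inner class: every instance belongs to one Realm instance.
        class InnerEntry {
            final String name;
            InnerEntry(String name) { this.name = name; }
        }

        // Static nested class: same data, no tie to a Realm instance.
        static class StaticEntry {
            final String name;
            StaticEntry(String name) { this.name = name; }
        }
    }

    // True when the class is a member class declared without 'static'.
    static boolean isInnerClass(Class<?> type) {
        return type.isMemberClass() && !Modifier.isStatic(type.getModifiers());
    }

    // True when the compiled class stores a compiler-generated field of the outer type.
    // Whether an unused outer reference is stored depends on the compiler version.
    static boolean storesOuterInstance(Class<?> type) {
        for (Field f : type.getDeclaredFields()) {
            if (f.isSynthetic() && f.getType() == type.getDeclaringClass()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        Realm realm = new Realm();
        Realm.InnerEntry inner = realm.new InnerEntry("alice");     // needs a Realm instance
        Realm.StaticEntry nested = new Realm.StaticEntry("alice");  // does not
        for (Object o : new Object[] { inner, nested }) {
            Class<?> c = o.getClass();
            System.out.printf("%s inner=%b storesOuter=%b%n",
                    c.getSimpleName(), isInnerClass(c), storesOuterInstance(c));
        }
    }
}
```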
[JBoss JIRA] (ELY-376) Password policies
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-376?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-376:
------------------------------------
Assignee: (was: David Lloyd)
> Password policies
> -----------------
>
> Key: ELY-376
> URL: https://issues.jboss.org/browse/ELY-376
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: API / SPI, Passwords, Realms
> Reporter: Darran Lofthouse
> Fix For: 2.0.0.Alpha1
>
>
> Probably needs a design discussion first but we need to review where password policies fit in to the overall solution.
> We may say that policy handling is really the responsibility of the actual realm implementation, after all items such as history are going to be very realm specific.
> However there may also be a case in the generic sense that where a modifiable realm is in use a policy is desired to cover the complexity of any passwords set on that realm.
[JBoss JIRA] (ELY-483) GssapiTestSuite and Gs2Test fail with com.ibm.security.krb5.KrbException, status code: 9 for IBM JDK
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-483?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-483:
------------------------------------
Assignee: (was: Darran Lofthouse)
> GssapiTestSuite and Gs2Test fail with com.ibm.security.krb5.KrbException, status code: 9 for IBM JDK
> ----------------------------------------------------------------------------------------------------
>
> Key: ELY-483
> URL: https://issues.jboss.org/browse/ELY-483
> Project: WildFly Elytron
> Issue Type: Bug
> Affects Versions: 1.1.0.Beta5
> Reporter: Ondrej Lukas
>
> Test case initialization from GssapiTestSuite and Gs2Test fails with the following exception for IBM JDK:
> {code}
> javax.security.auth.login.FailedLoginException:
> Login error: com.ibm.security.krb5.KrbException, status code: 9
> message: The client or server has a null key
> at com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(I18NException.java:15)
> at com.ibm.security.auth.module.Krb5LoginModule.j(Krb5LoginModule.java:727)
> at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:307)
> at com.ibm.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:59)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
> at java.lang.reflect.Method.invoke(Method.java:507)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
> at javax.security.auth.login.LoginContext$5.run(LoginContext.java:721)
> at javax.security.auth.login.LoginContext$5.run(LoginContext.java:719)
> at java.security.AccessController.doPrivileged(AccessController.java:686)
> at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:719)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:593)
> at org.wildfly.security.sasl.gssapi.JaasUtil.login(JaasUtil.java:71)
> at org.wildfly.security.sasl.gssapi.JaasUtil.loginClient(JaasUtil.java:53)
> at org.wildfly.security.sasl.gssapi.JdkClientJdkServer.initialise(JdkClientJdkServer.java:47)
> ...
> {code}
> It is a test case issue, but it can hide any other functional issue because the affected tests are not running with IBM JDK.
[JBoss JIRA] (ELY-678) Credential-reference(alias=) should be resolved in time of request.
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-678?page=com.atlassian.jira.plugin.sy... ]
Darran Lofthouse reassigned ELY-678:
------------------------------------
Assignee: (was: Peter Skopek)
> Credential-reference(alias=) should be resolved in time of request.
> -------------------------------------------------------------------
>
> Key: ELY-678
> URL: https://issues.jboss.org/browse/ELY-678
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Credential Store
> Affects Versions: 1.1.0.Beta10
> Reporter: Hynek Švábek
> Attachments: credentialstore.jceks, firefly.keystore
>
>
> Credential-reference should be resolved at the time of the request - in this case the alias which contains the wrong password in CredentialStore (we can change it later to the right password...).
> If I add a credential reference with an alias which contains the wrong password then I get this error:
> {code}
> {
> "outcome" => "failed",
> "failure-description" => {
> "WFLYCTL0080: Failed services" => {"org.wildfly.security.key-store.fireflyWrong" => "org.jboss.msc.service.StartException in service org.wildfly.security.key-store.fireflyWrong: WFLYELY00004: Unable to start the service.
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
> Caused by: java.security.UnrecoverableKeyException: Password verification failed"},
> "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.key-store.fireflyWrong"],
> "WFLYCTL0180: Services with missing/unavailable dependencies" => undefined
> },
> "rolled-back" => true
> }
> {code}
> *When I reload the server, the same command passes!*
> But nowhere did I get information about reload-required
> {code}
> /subsystem=elytron/key-store=fireflyWrong:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore2,alias=ffWithWrongPass})
> {code}
[JBoss JIRA] (ELY-97) Realm Readiness
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-97?page=com.atlassian.jira.plugin.sys... ]
Darran Lofthouse reassigned ELY-97:
-----------------------------------
Assignee: (was: Darran Lofthouse)
> Realm Readiness
> ---------------
>
> Key: ELY-97
> URL: https://issues.jboss.org/browse/ELY-97
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: API / SPI
> Reporter: Darran Lofthouse
> Fix For: 1.2.0.Beta1
>
>
> Needs some discussion first but this is along the lines of the following: -
> 1 - Within WildFly where we currently have realms we have an ability to query them to check they are ready to handle requests - this is mainly used for out of the box where we can display an error page describing to the user additional steps they need to perform.
> 2 - Realms are essentially the interface to back end stores of user information, most likely being remote with no guarantee that they are always available, from an Elytron perspective this adds an additional two options: -
> i. Alter offered realms also taking into account availability, information disclosure risk but worth considering.
> ii. Security status panels within admin console, view at a glance what is available and what is not allowing administrator to take action. We also have notification support - a candidate for a notification.