[JBoss JIRA] (ELY-1587) X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/ELY-1587?page=com.atlassian.jira.plugin.s... ]
Martin Choma commented on ELY-1587:
-----------------------------------
CC: [~fjuma]
Farah, not sure if you noticed this issue. This is likely in "your" area. Should I prepare a testing certificate?
> X500 principal [CN=client] was not decoded - no values of attribute [2.5.4.3]
> -----------------------------------------------------------------------------
>
> Key: ELY-1587
> URL: https://issues.jboss.org/browse/ELY-1587
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Certificate Authority, X.500
> Affects Versions: 1.3.2.Final
> Reporter: Martin Choma
> Priority: Critical
> Fix For: 1.3.3.CR1
>
>
> Debugging revealed that the certificate uses the {{utf8String}} representation, whereas Elytron is expecting {{printableString}}.
> In RFC 5280 [1], chapter 4.1.2.4 (Issuer), it is specified that the value of subject/issuer can be of 5 types:
> {code}
> DirectoryString ::= CHOICE {
>       teletexString           TeletexString   (SIZE (1..MAX)),
>       printableString         PrintableString (SIZE (1..MAX)),
>       universalString         UniversalString (SIZE (1..MAX)),
>       utf8String              UTF8String      (SIZE (1..MAX)),
>       bmpString               BMPString       (SIZE (1..MAX)) }
> {code}
> However, the Elytron X500 principal decoder [2] can handle only 2 of them, PRINTABLE_STRING_TYPE and IA5_STRING_TYPE (not sure which type of the RFC that matches).
> Definitely missing {{utf8String}} (my case). Also revise {{teletexString}}, {{bmpString}} and {{universalString}} for backward compatibility.
> [1] https://www.ietf.org/rfc/rfc5280.txt
> [2] https://github.com/wildfly-security/wildfly-elytron/blob/32ff7c17965b3eca...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
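As an added example (not Elytron's code and not part of the report above), the following Python encodes CN=client as an X.501 Name using both the PrintableString and UTF8String choices and runs a small DER decoder over each: first restricted to the tag set the report describes (PrintableString and IA5String), then with all five DirectoryString choices enabled. The sample names, the LEGACY_TAGS/ALL_TAGS sets and the TeletexString-as-Latin-1 approximation are assumptions of the example; the exact rejection path of the real decoder is not reproduced, only its visible effect (no values for 2.5.4.3). Why the UTF8String case is the common one in practice: RFC 5280 section 4.1.2.4 requires conforming CAs to encode DirectoryString as either PrintableString or UTF8String, so any name with a character outside the PrintableString repertoire arrives as UTF8String, and many CAs emit UTF8String unconditionally.

```python
"""Added example (not Elytron code): minimal DER decoder for an X.501 Name showing
why a decoder that accepts only PrintableString/IA5String drops a UTF8String CN."""
from __future__ import annotations

# Universal ASN.1 tags for the five DirectoryString choices (RFC 5280 4.1.2.4)
# plus IA5String, which the report says the existing decoder also accepted.
TAG_UTF8_STRING = 0x0C
TAG_PRINTABLE_STRING = 0x13
TAG_TELETEX_STRING = 0x14
TAG_IA5_STRING = 0x16
TAG_UNIVERSAL_STRING = 0x1C
TAG_BMP_STRING = 0x1E
TAG_OID = 0x06
TAG_SEQUENCE = 0x30
TAG_SET = 0x31
OID_CN = "2.5.4.3"  # id-at-commonName

# Codec per string tag. TeletexString as Latin-1 is an approximation (assumption).
STRING_CODECS = {
    TAG_UTF8_STRING: "utf-8",
    TAG_PRINTABLE_STRING: "ascii",
    TAG_IA5_STRING: "ascii",
    TAG_TELETEX_STRING: "latin-1",
    TAG_UNIVERSAL_STRING: "utf-32-be",
    TAG_BMP_STRING: "utf-16-be",
}
# Tag sets modelling the behaviour described in the issue (assumption of this example).
LEGACY_TAGS = {TAG_PRINTABLE_STRING, TAG_IA5_STRING}
ALL_TAGS = set(STRING_CODECS)


def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value; short-form length suffices for these small samples."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def encode_name(avas: list[tuple[str, int, str]]) -> bytes:
    """Encode [(oid, string_tag, value)] as Name ::= SEQUENCE OF RDN (one AVA per RDN)."""
    rdns = b""
    for oid, tag, value in avas:
        ava = tlv(TAG_SEQUENCE, encode_oid(oid) + tlv(tag, value.encode(STRING_CODECS[tag])))
        rdns += tlv(TAG_SET, ava)
    return tlv(TAG_SEQUENCE, rdns)


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    tag, length = buf[pos], buf[pos + 1]
    assert length < 128, "long-form length not needed for these samples"
    start = pos + 2
    return tag, buf[start:start + length], start + length


def attribute_values(name_der: bytes, oid: str, accepted_tags: set[int]) -> list[str]:
    """Values of attribute `oid` whose string tag the decoder is willing to handle."""
    tag, rdn_seq, _ = _read_tlv(name_der, 0)
    assert tag == TAG_SEQUENCE
    values, pos = [], 0
    while pos < len(rdn_seq):
        tag, rdn, pos = _read_tlv(rdn_seq, pos)
        assert tag == TAG_SET
        apos = 0
        while apos < len(rdn):
            tag, ava, apos = _read_tlv(rdn, apos)
            assert tag == TAG_SEQUENCE
            otag, oid_body, vpos = _read_tlv(ava, 0)
            vtag, vbody, _ = _read_tlv(ava, vpos)
            if otag == TAG_OID and decode_oid(oid_body) == oid and vtag in accepted_tags:
                values.append(vbody.decode(STRING_CODECS[vtag]))
    return values


def demo() -> dict[str, list[str]]:
    """Constructed sample names: CN=client as PrintableString and as UTF8String."""
    printable = encode_name([(OID_CN, TAG_PRINTABLE_STRING, "client")])
    utf8 = encode_name([("2.5.4.6", TAG_PRINTABLE_STRING, "CZ"),
                        (OID_CN, TAG_UTF8_STRING, "client")])
    return {
        "printable/legacy": attribute_values(printable, OID_CN, LEGACY_TAGS),
        "utf8/legacy": attribute_values(utf8, OID_CN, LEGACY_TAGS),  # empty: the reported failure
        "utf8/fixed": attribute_values(utf8, OID_CN, ALL_TAGS),
    }


if __name__ == "__main__":
    for case, vals in demo().items():
        print(f"{case}: {vals}")
```

The decoder deliberately keys on the string tag rather than guessing from bytes: a PrintableString-only decoder returns an empty value list for the UTF8String name, which is exactly the "no values of attribute [2.5.4.3]" symptom, while the same bytes decode fine once all DirectoryString tags are mapped to a codec.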
[JBoss JIRA] (WFCORE-3889) Legacy Kerberos realm can't load com.sun.security.auth.module.Krb5LoginModule
by Jeff Mesnil (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3889?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-3889:
--------------------------------
Fix Version/s: 5.0.0.CR1
(was: 5.0.0.Beta5)
> Legacy Kerberos realm can't load com.sun.security.auth.module.Krb5LoginModule
> -----------------------------------------------------------------------------
>
> Key: WFCORE-3889
> URL: https://issues.jboss.org/browse/WFCORE-3889
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Affects Versions: 5.0.0.Beta4
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
> Priority: Blocker
> Fix For: 5.0.0.CR1
>
>
> Use case: securing EJB with Kerberos LDAP realm
> {code}
> 10:01:21,168 ERROR [org.jboss.as.domain.management.security] (default task-1) WFLYDM0093: Login failed using Keytab for principal 'remote/localhost(a)JBOSS.ORG' to handle request for host 'localhost': javax.security.auth.login.LoginException: unable to find LoginModule class: com.sun.security.auth.module.Krb5LoginModule from [Module "org.wildfly.extension.io" version 5.0.0.Beta4 from local module loader @7a5d012c (finder: local module finder @3fb6a447 (roots: /home/mchoma/Repos/tests-ldap-kerberos/tests/target/dist/jboss-eap/modules,/home/mchoma/Repos/tests-ldap-kerberos/tests/target/dist/jboss-eap/modules/system/layers/base))]
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:794)
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
> at org.jboss.as.domain.management.security.KeytabService.createSubjectIdentity(KeytabService.java:209)
> at org.jboss.as.domain.management.security.KeytabIdentityFactoryService.getSubjectIdentity(KeytabIdentityFactoryService.java:152)
> at org.jboss.as.domain.management.security.SecurityRealmService.getSubjectIdentity(SecurityRealmService.java:565)
> at org.jboss.as.domain.management.security.SecurityRealmService.getGSSKerberosCredential(SecurityRealmService.java:616)
> at org.jboss.as.domain.management.security.SecurityRealmService.lambda$null$2(SecurityRealmService.java:275)
> at org.wildfly.security.credential.source.CredentialSource$4.getCredential(CredentialSource.java:325)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:978)
> at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
> at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96)
> at org.wildfly.security.sasl.gssapi.GssapiServer.<init>(GssapiServer.java:89)
> at org.wildfly.security.sasl.gssapi.GssapiServerFactory.createSaslServer(GssapiServerFactory.java:44)
> at org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory.createSaslServer(SecurityProviderSaslServerFactory.java:84)
> at org.wildfly.security.sasl.util.FilterMechanismSaslServerFactory.createSaslServer(FilterMechanismSaslServerFactory.java:88)
> at org.wildfly.security.sasl.util.PropertiesSaslServerFactory.createSaslServer(PropertiesSaslServerFactory.java:56)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:66)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:66)
> at org.wildfly.security.sasl.util.SetMechanismInformationSaslServerFactory.createSaslServer(SetMechanismInformationSaslServerFactory.java:80)
> at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory.createSaslServer(AuthenticationCompleteCallbackSaslServerFactory.java:51)
> at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.createSaslServer(TrustManagerSaslServerFactory.java:72)
> at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory.createSaslServer(AuthenticationTimeoutSaslServerFactory.java:74)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:66)
> at org.wildfly.security.sasl.util.ProtocolSaslServerFactory.createSaslServer(ProtocolSaslServerFactory.java:48)
> at org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory.createSaslServer(AbstractDelegatingSaslServerFactory.java:66)
> at org.wildfly.security.sasl.util.ServerNameSaslServerFactory.createSaslServer(ServerNameSaslServerFactory.java:48)
> at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory.createSaslServer(SecurityIdentitySaslServerFactory.java:53)
> at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:61)
> at org.wildfly.security.auth.server.SaslAuthenticationFactory.doCreate(SaslAuthenticationFactory.java:52)
> at org.wildfly.security.auth.server.AbstractMechanismAuthenticationFactory.createMechanism(AbstractMechanismAuthenticationFactory.java:54)
> at org.jboss.remoting3.ConnectionImpl.lambda$receiveAuthRequest$2(ConnectionImpl.java:196)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
> at java.lang.Thread.run(Thread.java:748)
> {code}
--
[JBoss JIRA] (WFCORE-1649) RBAC constraint config modifications will fail in a mixed domain if the modified constraint is not present in the legacy slave
by Jeff Mesnil (JIRA)
[ https://issues.jboss.org/browse/WFCORE-1649?page=com.atlassian.jira.plugi... ]
Jeff Mesnil updated WFCORE-1649:
--------------------------------
Fix Version/s: 5.0.0.CR1
(was: 5.0.0.Beta5)
> RBAC constraint config modifications will fail in a mixed domain if the modified constraint is not present in the legacy slave
> ------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-1649
> URL: https://issues.jboss.org/browse/WFCORE-1649
> Project: WildFly Core
> Issue Type: Bug
> Components: Management
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Priority: Critical
> Labels: domain-mode
> Fix For: 5.0.0.CR1
>
>
> The management model for RBAC constraints is maintained using synthetic resources, with resources only existing for those items (SensitivityClassification and ApplicationClassification) that are registered in the current process. Operations that touch classifications unknown to that process will fail due to missing resource problems.
> This is a big problem in the following scenarios:
> 1) Mixed domain, where legacy slaves do not know about newly introduced classifications.
> 2) Slimming scenarios where slaves are ignoring unrelated parts of the domain wide config and also don't have some extension installed, resulting in classifications registered by those extensions not being present.
> A partial workaround to 1) is for the kernel to register transformers for newly introduced classifications (e.g. SERVER_SSL added in EAP 6.4.7 and EAP 7). But:
> -- that doesn't help with problem 2)
> -- only the kernel can register kernel transformers, so if extensions add new classifications there is no way for them to register the transformer.
--