[ https://issues.jboss.org/browse/WFLY-8194?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-8194:
-------------------------------
Steps to Reproduce:
1) Add user - add the following line to {{standalone/configuration/mgmt-users.properties}}
{code}
user1=pass@123
{code}
2) Configure application server:
{code}
/subsystem=elytron/sasl-authentication-factory=elytronSaslAuthnFactory:add(security-domain=ManagementDomain,sasl-server-factory=global,mechanism-configurations=[{mechanism-name=PLAIN}])
/subsystem=elytron/properties-realm=ManagementRealm:write-attribute(name=users-properties.plain-text,value=true)
{code}
3) Change http-interface to the following:
{code}
<http-interface http-authentication-factory="management-http-authentication">
    <http-upgrade enabled="true" sasl-authentication-factory="elytronSaslAuthnFactory"/>
    <socket-binding http="management-http"/>
</http-interface>
{code}
4) Try to authenticate to JBoss CLI:
{code}
./jboss-cli.sh -c -u=user1 -p=pass@123 --no-local-auth
Failed to connect to the controller: The controller is not available at localhost:9990:
java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990.
The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The
connection failed: JBREM000202: Abrupt close on Remoting connection 25b770fb to
localhost/127.0.0.1:9990 of endpoint "cli-client" <5a992706>
{code}
was:
These steps work correctly with EAP 7.1.0.DR11, but fail with EAP 7.1.0.DR12:
1) Add user - add the following line to {{standalone/configuration/mgmt-users.properties}}
{code}
user1=pass@123
{code}
2) Configure application server:
{code}
/subsystem=elytron/sasl-authentication-factory=elytronSaslAuthnFactory:add(security-domain=ManagementDomain,sasl-server-factory=global,mechanism-configurations=[{mechanism-name=PLAIN}])
/subsystem=elytron/properties-realm=ManagementRealm:write-attribute(name=users-properties.plain-text,value=true)
{code}
3) Change http-interface to the following:
{code}
<http-interface http-authentication-factory="management-http-authentication">
    <http-upgrade enabled="true" sasl-authentication-factory="elytronSaslAuthnFactory"/>
    <socket-binding http="management-http"/>
</http-interface>
{code}
4) Try to authenticate to JBoss CLI:
{code}
./jboss-cli.sh -c -u=user1 -p=pass@123 --no-local-auth
Failed to connect to the controller: The controller is not available at localhost:9990:
java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990.
The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The
connection failed: JBREM000202: Abrupt close on Remoting connection 25b770fb to
localhost/127.0.0.1:9990 of endpoint "cli-client" <5a992706>
{code}
JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism
----------------------------------------------------------------------------------------------------
Key: WFLY-8194
URL: https://issues.jboss.org/browse/WFLY-8194
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Blocker
When the PLAIN mechanism is used for Elytron SASL factories used by any of the
management-interfaces, JBoss CLI is not able to connect to the server. This issue
happens with http-interface as well as native-interface. See Steps to Reproduce for more
details.