[
https://issues.jboss.org/browse/WFCORE-2380?page=com.atlassian.jira.plugi...
]
Jan Kalina edited comment on WFCORE-2380 at 4/2/17 3:36 AM:
------------------------------------------------------------
Adding configurable-sasl-server-factory necessary, or trying individual mechanisms exceeds
8 allowed authentication attemps:
{code:xml}
<configurable-sasl-server-factory name="elytronConfigurableSasl"
sasl-server-factory="global">
<filters>
<filter>
<pattern-filter value="PLAIN"/>
</filter>
</filters>
</configurable-sasl-server-factory>
{code}
Only considerable improvement could be automatic filtering in sasl-authentication-factory
by configured mechanisms - but *mechanism-name* is optional here, so it would work only
when it would be specified for all *<mechanism>*.
[~dlofthouse] What do you thing about solution using automatic filtering when
mechanism-name for all configurations specified?
was (Author: honza889):
Adding configurable-sasl-server-factory necessary, or individual mechanism exceeds 8
allowed authentication attemps:
{code:xml}
<configurable-sasl-server-factory name="elytronConfigurableSasl"
sasl-server-factory="global">
<filters>
<filter>
<pattern-filter value="PLAIN"/>
</filter>
</filters>
</configurable-sasl-server-factory>
{code}
Only considerable improvement could be automatic filtering in sasl-authentication-factory
by configured mechanisms - but mechanism name is optional here, so it would work only when
it would be specified for all <mechanism>.
JBoss CLI is not able to connect to interface secured by Elytron SASL
factories with PLAIN mechanism
----------------------------------------------------------------------------------------------------
Key: WFCORE-2380
URL:
https://issues.jboss.org/browse/WFCORE-2380
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Jan Kalina
Priority: Blocker
In case when PLAIN mechanism is used for Elytron SASL factories used by any of
management-interfaces then JBoss CLI is not able to connect to the server. This issue
happens with http-interface as well as native-interface. See Steps to Reproduce for more
details.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)