[ https://issues.jboss.org/browse/WFLY-10914?page=com.atlassian.jira.plugin... ]
Martin Choma commented on WFLY-10914:
-------------------------------------
There is an SSLHandshakeException during the ldaps connection:
{code}
test3
08:12:49,257 TRACE [org.jboss.security] (default task-1) PBOX00354: Setting security roles ThreadLocal: null
08:12:49,259 TRACE [org.jboss.security] (default task-1) PBOX00354: Setting security roles ThreadLocal: null
08:12:49,260 TRACE [org.jboss.security] (default task-1) PBOX00200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@41a318e9, cache entry: null
08:12:49,261 TRACE [org.jboss.security] (default task-1) PBOX00209: defaultLogin, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@41a318e9
08:12:49,261 TRACE [org.jboss.security] (default task-1) PBOX00221: Begin getAppConfigurationEntry(test-DEP3), size: 13
08:12:49,261 TRACE [org.jboss.security] (default task-1) PBOX00224: End getAppConfigurationEntry(test-DEP3), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.negotiation.AdvancedLdapLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory
name=java.naming.provider.url, value=ldaps://127.0.0.1:10636
name=referralUserAttributeIDToCheck, value=member
name=rolesCtxDN, value=ou=Roles,o=example3,dc=jboss,dc=org
name=roleFilter, value=(|(objectClass=referral)(member={1}))
name=roleAttributeID, value=cn
name=java.naming.security.authentication, value=simple
name=bindDN, value=uid=admin,ou=system
name=bindCredential, value=****
name=java.naming.referral, value=follow
name=baseCtxDN, value=ou=People,o=example3,dc=jboss,dc=org
name=throwValidateError, value=true
name=baseFilter, value=(|(objectClass=referral)(cn={0}))
08:12:49,261 TRACE [org.jboss.security] (default task-1) PBOX00236: Begin initialize method
08:12:49,261 WARN [org.jboss.security] (default task-1) PBOX00234: Invalid or misspelled module option: throwValidateError
08:12:49,261 TRACE [org.jboss.security] (default task-1) PBOX00240: Begin login method
08:12:49,261 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (default task-1) Identity - Java Duke
08:12:49,261 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (default task-1) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.referral=follow, java.naming.security.principal=uid=admin,ou=system, baseCtxDN=ou=People,o=example3,dc=jboss,dc=org, roleAttributeID=cn, roleFilter=(|(objectClass=referral)(member={1})), rolesCtxDN=ou=Roles,o=example3,dc=jboss,dc=org, referralUserAttributeIDToCheck=member, baseFilter=(|(objectClass=referral)(cn={0})), jboss.security.security_domain=test-DEP3, throwValidateError=true, java.naming.provider.url=ldaps://127.0.0.1:10636, bindDN=uid=admin,ou=system, java.naming.security.authentication=simple, bindCredential=***, java.naming.security.credentials=***}
08:12:49,425 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (default task-1) Login failed: javax.security.auth.login.LoginException: Unable to create new InitialLdapContext
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:499)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:386)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:981)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:331)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(AccessController.java:696)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:597)
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406)
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345)
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323)
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146)
    at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:123)
    at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:94)
    at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:167)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:268)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
    at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
    at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
    at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
    at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
    at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction$$Lambda$733.00000000680A1620.call(Unknown Source)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$734.00000000680A2680.call(Unknown Source)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$734.00000000680A2680.call(Unknown Source)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$734.00000000680A2680.call(Unknown Source)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction$$Lambda$734.00000000680A2680.call(Unknown Source)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
    at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
    at java.lang.Thread.run(Thread.java:811)
Caused by: javax.naming.CommunicationException: 127.0.0.1:10636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:250)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:149)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1627)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2761)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:331)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:204)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:222)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:165)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:95)
    at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
    at org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:165)
    at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)
    at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:695)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:324)
    at javax.naming.InitialContext.init(InitialContext.java:255)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:165)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:495)
    ... 69 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at com.ibm.jsse2.k.a(k.java:15)
    at com.ibm.jsse2.av.a(av.java:531)
    at com.ibm.jsse2.D.a(D.java:68)
    at com.ibm.jsse2.D.a(D.java:628)
    at com.ibm.jsse2.E.a(E.java:803)
    at com.ibm.jsse2.E.a(E.java:447)
    at com.ibm.jsse2.D.r(D.java:139)
    at com.ibm.jsse2.D.a(D.java:485)
    at com.ibm.jsse2.av.a(av.java:717)
    at com.ibm.jsse2.av.i(av.java:869)
    at com.ibm.jsse2.av.a(av.java:19)
    at com.ibm.jsse2.av.startHandshake(av.java:672)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:406)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:227)
    ... 87 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
    at com.ibm.jsse2.util.b.b(b.java:104)
    at com.ibm.jsse2.util.b.a(b.java:88)
    at com.ibm.jsse2.aD.a(aD.java:165)
    at com.ibm.jsse2.aD.a(aD.java:168)
    at com.ibm.jsse2.aD.a(aD.java:211)
    at com.ibm.jsse2.aD.checkServerTrusted(aD.java:162)
    at com.ibm.jsse2.E.a(E.java:831)
    ... 96 more
{code}
which reminds me of the latest JDK ldaps change:
https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.htm...
Setting -Dcom.sun.jndi.ldap.object.disableEndpointIdentification on the server really helped.
Strangely, it does not occur on Oracle JDK though.
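What the trace is reporting is LDAPS endpoint identification: since the JDK 8u181 change linked above, the JNDI LDAP client verifies that the server certificate names the host in java.naming.provider.url. Here the URL names the IP address 127.0.0.1, and an IP address can only be satisfied by an iPAddress entry in subjectAltName; a certificate with no SAN at all is rejected with exactly "No subject alternative names present". The following script is an added example, not part of this issue or of the WildFly test suite, and it models those matching rules in plain Python (the rules as described are an assumption drawn from the JDK's HostnameChecker, not a call into it); the Cert class, the function names and the sample certificates (the CN value "localhost" included) are constructed for the example. It shows why the CN-only certificate fails via 127.0.0.1, why the same certificate would pass via a DNS name thanks to the CN fallback, and why reissuing the certificate with SANs is the fix that keeps the check enabled.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Cert:
    """The certificate fields that LDAPS endpoint identification looks at.
    Constructed model for the example, not a parsed X.509 object."""
    subject_cn: str
    san_dns: list = field(default_factory=list)   # dNSName entries of subjectAltName
    san_ip: list = field(default_factory=list)    # iPAddress entries of subjectAltName


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive name match; one leading '*.' wildcard covers exactly one label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def check_endpoint_identity(cert: Cert, url_host: str):
    """Decide whether `cert` is acceptable for the host named in the ldaps:// URL.

    Rules (assumed, modelled after the JDK's HostnameChecker): an IP address in
    the URL must match an iPAddress SAN and there is no CN fallback; a DNS name
    is matched against dNSName SANs, falling back to the subject CN only when the
    certificate carries no dNSName SAN at all. Returns (accepted, reason).
    """
    try:
        wanted_ip = ipaddress.ip_address(url_host)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        if not cert.san_dns and not cert.san_ip:
            # The message seen in the stack trace in this issue.
            return False, "No subject alternative names present"
        if any(ipaddress.ip_address(a) == wanted_ip for a in cert.san_ip):
            return True, "matched iPAddress SAN"
        return False, f"No subject alternative names matching IP address {url_host} found"

    if cert.san_dns:
        if any(_dns_match(p, url_host) for p in cert.san_dns):
            return True, "matched dNSName SAN"
        return False, f"No subject alternative DNS name matching {url_host} found"
    if _dns_match(cert.subject_cn, url_host):
        return True, "matched subject CN (no dNSName SAN present)"
    return False, f"No name matching {url_host} found"


def demo():
    """Constructed certificates: a CN-only test cert like the one the trace implies
    (the CN value is an assumption), and the same cert reissued with SANs."""
    cn_only = Cert(subject_cn="localhost")
    with_san = Cert(subject_cn="localhost", san_dns=["localhost"], san_ip=["127.0.0.1"])
    return {
        "cn_only_via_ip": check_endpoint_identity(cn_only, "127.0.0.1"),    # fails as in the trace
        "cn_only_via_name": check_endpoint_identity(cn_only, "localhost"),  # CN fallback passes
        "with_san_via_ip": check_endpoint_identity(with_san, "127.0.0.1"),  # the durable fix
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:17} {'OK  ' if ok else 'FAIL'} {reason}")
```

For a test server the durable fix is to issue its certificate with a SAN that covers whatever java.naming.provider.url names (keytool can do this at generation time with `-ext SAN=dns:localhost,ip:127.0.0.1`), or to put a DNS name the certificate actually carries into the URL. The system property mentioned in the comment switches endpoint identification off for every LDAPS connection the JVM makes, which is a reasonable stopgap for a test run but removes the hostname check that protects a production bind credential from being sent to an impostor server.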
Ldaps tests failing on IBM
--------------------------
Key: WFLY-10914
URL: https://issues.jboss.org/browse/WFLY-10914
Project: WildFly
Issue Type: Bug
Components: Test Suite
Affects Versions: 14.0.0.Beta2
Reporter: Martin Choma
Assignee: Martin Choma
* org.jboss.as.test.integration.security.loginmodules.LdapExtLikeAdvancedLdapLMTestCase.test3
* org.jboss.as.test.integration.security.loginmodules.LdapExtLikeAdvancedLdapLMTestCase.test4
* org.jboss.as.test.integration.security.loginmodules.LdapExtLoginModuleTestCase.test2
* org.jboss.as.test.integration.security.loginmodules.LdapExtLoginModuleTestCase.test3
* org.jboss.as.test.integration.security.loginmodules.LdapExtLoginModuleTestCase.test4
* org.jboss.as.test.integration.security.loginmodules.LdapExtLoginModuleTestCase.test2throw
* org.jboss.as.test.integration.security.loginmodules.LdapLoginModuleTestCase.testLdaps
* org.jboss.as.test.manualmode.security.OutboundLdapConnectionClientCertTestCase.test
* org.jboss.as.test.manualmode.security.OutboundLdapConnectionTestCase.test
--
This message was sent by Atlassian JIRA (v7.5.0#75005)