[
https://issues.jboss.org/browse/WFCORE-1332?page=com.atlassian.jira.plugi...
]
Brian Stansberry moved JBEAP-3048 to WFCORE-1332:
-------------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-1332 (was: JBEAP-3048)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Domain Management, Security (was: Domain Management, Security)
Target Release: (was: 7.0.0.GA)
Affects Version/s: 2.0.7.Final (was: 7.0.0.ER4)
Referrals 'throw' does not work correctly for ldap authentication to mgmt console with MS Active Directory
----------------------------------------------------------------------------------------------------------
Key: WFCORE-1332
URL: https://issues.jboss.org/browse/WFCORE-1332
Project: WildFly Core
Issue Type: Bug
Components: Domain Management, Security
Affects Versions: 2.0.7.Final
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
When a crossRef object to a different domain is configured on MS Active Directory for
handling referrals, and JBoss EAP 7 uses LDAP authentication to the mgmt console with
referrals configured as 'throw', authentication fails for referral users. This is
inconsistent with the behavior of EAP with other LDAP providers (e.g. Red Hat Directory
Server). With the correct behavior, authentication should pass.
It seems it is caused by an LdapReferralException thrown in the search method of
org.jboss.as.domain.management.security.LdapUserSearcherFactory.LdapUserSearcherImpl
before it is handled by the try-catch block. Stack trace of the thrown LdapReferralException:
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2975)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:125)
org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:66)
org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225)
org.jboss.as.domain.management.security.UserLdapCallbackHandler$LdapCallbackHandler.handle(UserLdapCallbackHandler.java:205)
org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:178)
org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:162)
org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:141)
io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:118)
org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
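Added example, not code from WildFly or from this issue: a plain JNDI search under Context.REFERRAL = "throw" that keeps both search() and hasMore() inside the referral handler, since the stack trace above shows the exception leaving search() itself. The class name, the helper names and MAX_HOPS are hypothetical, and the bind is anonymous for brevity.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.ReferralException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ReferralThrowSearch {
    static final int MAX_HOPS = 5; // assumed cap; stops referral loops

    // Opens a context whose referrals surface as exceptions instead of being followed.
    static DirContext open(String providerUrl) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.REFERRAL, "throw");
        return new InitialDirContext(env);
    }

    // Returns the DN of the first match, or null; follows referrals hop by hop.
    static String findUserDn(DirContext start, String baseDn, String filter,
                             Object[] filterArgs, SearchControls controls) throws NamingException {
        DirContext ctx = start;
        try {
            for (int hop = 0; hop <= MAX_HOPS; hop++) {
                try {
                    // Both calls are inside the try: with "throw", either can raise the referral.
                    NamingEnumeration<SearchResult> results =
                            ctx.search(baseDn, filter, filterArgs, controls);
                    try {
                        return results.hasMore() ? results.next().getNameInNamespace() : null;
                    } finally {
                        results.close();
                    }
                } catch (ReferralException e) {
                    DirContext next = (DirContext) e.getReferralContext();
                    if (ctx != start) ctx.close(); // release intermediate hops only
                    ctx = next;                     // retry the same search there
                }
            }
            throw new NamingException("more than " + MAX_HOPS + " referral hops");
        } finally {
            if (ctx != start) ctx.close();
        }
    }
}
```

getReferralContext() connects with the environment of the context that threw, so e.getReferralInfo() is the place to check the referred server before calling it.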