[ https://issues.redhat.com/browse/ELY-1976?page=com.atlassian.jira.plugin.... ] Sonia Zaldana updated ELY-1976: ------------------------------- Description: Trying to configure an ejb client with Sasl authentication using a credential store causes an "Invalid algorithm clear" error as follows: {code:java} Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential] at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160) at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102) at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245) at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75) at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219) at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: java.io.IOException: ELY01030: Unable to read credential at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92) at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207) at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841) at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93) at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156) ... 16 more Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683) at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303) at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287) at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88) ... 20 more Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear" at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122) at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76) at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679) ... 23 more {code} Here is my wildfly-config.xml where the credential-store-reference has been configured. {code:java} <configuration> <authentication-client xmlns="urn:elytron:client:1.5"> <credential-stores> <credential-store name="mycredstore"> <attributes> <attribute name="keyStoreType" value="JCEKS"/> <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute> </attributes> <protection-parameter-credentials> <clear-password password="StorePassword"/> </protection-parameter-credentials> </credential-store> </credential-stores> <authentication-rules> <rule use-configuration="default-config"/> </authentication-rules> <authentication-configurations> <configuration name="default-config"> <set-user-name name="quickstartUser"/> <credentials> <credential-store-reference store="mycredstore" alias="quickstartUser"/> </credentials> <sasl-mechanism-selector selector="SCRAM-SHA-512"/> <providers> <use-service-loader /> </providers> </configuration> </authentication-configurations> </authentication-client> </configuration> {code} The provider configuration in wildfly-config.xml is specified correctly: {code:java} <providers> <use-service-loader /> </providers> {code} The problem seems to be in {code:java}PasswordFactory.getInstance(){code} in {code:java}KeyStoreCredentialStore{code} where we aren't setting the providers we have configured. Instead, it seems to use {code:java}INSTALLED_PROVIDERS{code} which does not have the Elytron providers. was: Trying to configure an ejb client with Sasl authentication using a credential store causes an "Invalid algorithm clear" error as follows: {code:java} Suppressed: javax.security.sasl.SaslException: ELY05053: Callback handler failed for unknown reason [Caused by java.io.IOException: ELY01030: Unable to read credential] at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:160) at org.wildfly.security.mechanism._private.MechanismUtil.getPasswordCredential(MechanismUtil.java:102) at org.wildfly.security.mechanism.scram.ScramClient.handleInitialChallenge(ScramClient.java:245) at org.wildfly.security.sasl.scram.ScramSaslClient.evaluateMessage(ScramSaslClient.java:75) at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:219) at org.wildfly.security.sasl.util.AbstractSaslClient.evaluateChallenge(AbstractSaslClient.java:98) at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54) at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55) at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:649) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: java.io.IOException: ELY01030: Unable to read credential at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:92) at org.wildfly.security.credential.source.CredentialSource$1.getCredential(CredentialSource.java:207) at org.wildfly.security.auth.client.AuthenticationConfiguration$ClientCallbackHandler.handle(AuthenticationConfiguration.java:1841) at org.wildfly.security.sasl.util.LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.handle(LocalPrincipalSaslClientFactory.java:93) at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:156) ... 16 more Caused by: org.wildfly.security.credential.store.CredentialStoreException: ELY09504: Cannot acquire a credential from the credential store at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:683) at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:303) at org.wildfly.security.credential.store.CredentialStore.retrieve(CredentialStore.java:287) at org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource.getCredential(CredentialStoreCredentialSource.java:88) ... 20 more Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear" at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:122) at org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:76) at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.retrieve(KeyStoreCredentialStore.java:679) ... 23 more {code} Here is my wildfly-config.xml where the credential-store-reference has been configured. {code:java} <configuration> <authentication-client xmlns="urn:elytron:client:1.5"> <credential-stores> <credential-store name="mycredstore"> <attributes> <attribute name="keyStoreType" value="JCEKS"/> <attribute name="location" value="/home/szcalles/Wildfly/wildfly/build/target/wildfly-20.0.0.Final-SNAPSHOT/standalone/configuration/mycredstore.cs"></attribute> </attributes> <protection-parameter-credentials> <clear-password password="StorePassword"/> </protection-parameter-credentials> </credential-store> </credential-stores> <authentication-rules> <rule use-configuration="default-config"/> </authentication-rules> <authentication-configurations> <configuration name="default-config"> <set-user-name name="quickstartUser"/> <credentials> <credential-store-reference store="mycredstore" alias="quickstartUser"/> </credentials> <sasl-mechanism-selector selector="SCRAM-SHA-512"/> <providers> <use-service-loader /> </providers> </configuration> </authentication-configurations> </authentication-client> </configuration> {code} The provider configuration in wildfly-config.xml is specified correctly: ``` <providers> <use-service-loader /> </providers> ``` The problem seems to be in ```PasswordFactory.getInstance()``` in ```KeyStoreCredentialStore``` where we aren't setting the providers we have configured. Instead, it seems to use ```INSTALLED_PROVIDERS``` which does not have the Elytron providers. -- This message was sent by Atlassian Jira (v7.13.8#713008)