Martin Choma created WFCORE-2649:
------------------------------------
Summary: Elytron, WWW-Authenticate Negotiate header is send although SPNEGO
is misconfigured
Key: WFCORE-2649
URL:
https://issues.jboss.org/browse/WFCORE-2649
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Priority: Critical
If SPNEGO is misconfigured Negotiate header is still send back to client, although SPNEGO
can't be used.
{code}
13:19:20,861 TRACE [org.wildfly.security] (management task-6) Handling
MechanismInformationCallback type='HTTP' name='BASIC'
host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling
AvailableRealmsCallback: realms = [fileSystemFallbackRealm]
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling
MechanismInformationCallback type='HTTP' name='CLIENT_CERT'
host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6)
java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for
mechanismType='HTTP', mechanismName='CLIENT_CERT',
hostName='localhost.localdomain', protocol='http'.
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling
MechanismInformationCallback type='HTTP' name='DIGEST'
host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6)
java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for
mechanismType='HTTP', mechanismName='DIGEST',
hostName='localhost.localdomain', protocol='http'.
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling
MechanismInformationCallback type='HTTP' name='FORM'
host-name='localhost.localdomain' protocol='http'
13:19:20,862 TRACE [org.wildfly.security] (management task-6)
java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for
mechanismType='HTTP', mechanismName='FORM',
hostName='localhost.localdomain', protocol='http'.
13:19:20,862 TRACE [org.wildfly.security] (management task-6) Handling
MechanismInformationCallback type='HTTP' name='SPNEGO'
host-name='localhost.localdomain' protocol='http'
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Evaluating SPNEGO request:
cached GSSContext = null
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Obtaining GSSCredential for
the service from callback handler...
13:19:20,863 TRACE [org.wildfly.security] (management task-6) No valid cached credential,
obtaining new one...
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using
LoginContext and subject [Subject:
]
13:19:20,863 INFO [stdout] (management task-6) Debug is true storeKey true
useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator
false KeyTab is
/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab
refreshKrb5Config is false principal is HTTP/wronghost(a)JBOSS.ORG tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
13:19:20,863 INFO [stdout] (management task-6) principal is HTTP/wronghost(a)JBOSS.ORG
13:19:20,863 INFO [stdout] (management task-6) Will use keytab
13:19:20,863 INFO [stdout] (management task-6) Commit Succeeded
13:19:20,863 INFO [stdout] (management task-6)
13:19:20,863 TRACE [org.wildfly.security] (management task-6) Logging in using
LoginContext and subject [Subject:
Principal: HTTP/wronghost(a)JBOSS.ORG
Private Credential:
/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.4985635734744374940.keytab
for HTTP/wronghost(a)JBOSS.ORG
] succeed
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Creating GSSName for
Principal 'HTTP/wronghost(a)JBOSS.ORG'
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Obtained
GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling
ServerCredentialCallback: successfully obtained credential type type=class
org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Using
SpnegoAuthenticationMechanism to authenticate HTTP/wronghost(a)JBOSS.ORG using the following
mechanisms: [[Lorg.ietf.jgss.Oid;@4133c756]
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching GSSContext
sun.security.jgss.GSSContextImpl@3adbbdae
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Caching KerberosTicket null
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Sent HTTP authorizations:
[null]
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Request lacks valid
authentication credentials
13:19:20,864 TRACE [org.wildfly.security] (management task-6) Handling
MechanismInformationCallback type='HTTP' name='BEARER_TOKEN'
host-name='localhost.localdomain' protocol='http'
13:19:20,864 TRACE [org.wildfly.security] (management task-6)
java.lang.IllegalStateException: ELY01119: Unable to resolve MechanismConfiguration for
mechanismType='HTTP', mechanismName='BEARER_TOKEN',
hostName='localhost.localdomain', protocol='http'.
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)