Ondrej Lukas updated ELY-1218:
------------------------------
Affects Version/s: 1.1.0.Beta47
Elytron sasl-mechanism-selector token #MUTUAL incorrectly requires SSL context
------------------------------------------------------------------------------
Key: ELY-1218
URL: https://issues.jboss.org/browse/ELY-1218
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.1.0.Beta47
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
Token #MUTUAL should work as follows:
_{{#MUTUAL}} - matches all mechanisms which authenticate the server in some way (this
might just mean, making the server prove that the server knows the password); currently
matches {{#FAMILY(SCRAM)}} and {{#FAMILY(GS2)}} but may be adjusted in the future as new
mechanisms are available._ [1]
However, it also incorrectly requires an SSL context to be used; see
{{SaslMechanismPredicate.MUTUAL}} [2]:
{code}
boolean test(final String mechName, final SSLSession sslSession) {
    return sslSession != null && SaslMechanismInformation.MUTUAL.test(mechName);
}
{code}
SSL context should not be required for {{#FAMILY(SCRAM)}} or {{#FAMILY(GS2)}}.
[1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&pa...
[2] https://github.com/wildfly-security/wildfly-elytron/blob/03e583dd476dbbdf...
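
The effect of the reported predicate on a connection without TLS, next to the behaviour the report expects, as an added example that is not Elytron code. `MUTUAL_FAMILIES` is a hypothetical stand-in for `SaslMechanismInformation.MUTUAL` that approximates family membership by name prefix, and the offered mechanism list and the placeholder `SSLSession` are constructed.

```java
import java.lang.reflect.Proxy;
import java.util.List;
import java.util.function.BiPredicate;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import javax.net.ssl.SSLSession;

public class MutualSelectorDemo {
    // Stand-in (assumption) for SaslMechanismInformation.MUTUAL: the SCRAM and GS2
    // families named in the report, approximated here by mechanism name prefix.
    static final Predicate<String> MUTUAL_FAMILIES =
            name -> name.startsWith("SCRAM-") || name.startsWith("GS2-");

    // Behaviour reported in ELY-1218: an SSL session is required as well.
    static final BiPredicate<String, SSLSession> REPORTED =
            (mech, ssl) -> ssl != null && MUTUAL_FAMILIES.test(mech);

    // Behaviour the report expects: the SSL session plays no part in #MUTUAL.
    static final BiPredicate<String, SSLSession> EXPECTED =
            (mech, ssl) -> MUTUAL_FAMILIES.test(mech);

    // Apply a #MUTUAL predicate to the mechanisms offered on one connection.
    static List<String> select(List<String> offered, SSLSession ssl,
                               BiPredicate<String, SSLSession> mutual) {
        return offered.stream()
                .filter(m -> mutual.test(m, ssl))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample: mechanisms a server might offer.
        List<String> offered =
                List.of("PLAIN", "ANONYMOUS", "SCRAM-SHA-256", "GS2-KRB5");
        // Constructed placeholder session; only its being non-null matters here.
        SSLSession tls = (SSLSession) Proxy.newProxyInstance(
                MutualSelectorDemo.class.getClassLoader(),
                new Class<?>[] {SSLSession.class},
                (proxy, method, a) -> null);

        // Without TLS the reported predicate rejects every mechanism,
        // so a client configured with "#MUTUAL" is left with nothing to use.
        System.out.println("reported, no TLS: " + select(offered, null, REPORTED));
        System.out.println("reported, TLS:    " + select(offered, tls, REPORTED));
        System.out.println("expected, no TLS: " + select(offered, null, EXPECTED));
        System.out.println("expected, TLS:    " + select(offered, tls, EXPECTED));
    }
}
```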