Martin Choma commented on ELY-1524:
-----------------------------------
Yes, it was used in both cases, jdk8 and jdk9. Could that cause the jdk9 error message to be
less comprehensive?
Elytron error message less comprehensive in jdk9 compared to jdk8
-----------------------------------------------------------------
Key: ELY-1524
URL: https://issues.jboss.org/browse/ELY-1524
Project: WildFly Elytron
Issue Type: Bug
Components: Authentication Mechanisms
Affects Versions: 1.2.0.Final
Reporter: Martin Choma
I like the jdk8 error message, where it is obvious that GS2-KRB5 has been attempted but failed
for some reason, and PLAIN has been attempted but failed for some reason.
{code:title=jdk8}
Failed to connect to the controller: Unable to authenticate against controller at
localhost:9993: Authentication failed: all available authentication mechanisms failed:
GS2-KRB5: javax.security.sasl.SaslException: GS2-KRB5: Server rejected authentication
PLAIN: javax.security.sasl.SaslException: ELY05053: Callback handler failed for
unknown reason [Caused by java.io.IOException: Failed to read username: Invalid Usage.
Prompt attempted in non-interactive mode. Please check commands or change CLI mode.]
{code}
Whereas in jdk9 the error message hides the fact that GS2-KRB5 was attempted and just prints the error
for the PLAIN mechanism, but does not mention explicitly that it is the PLAIN mechanism.
{code:title=jdk9}
Failed to connect to the controller: Unable to authenticate against controller at
localhost:9993: Cannot get password: Failed to read username: Invalid Usage. Prompt
attempted in non-interactive mode. Please check commands or change CLI mode.
{code}
This is a general question, but I have hit this with this specific use case:
1. server is configured to use GS2-KRB5 and PLAIN
2. server is configured with TLS
3. client is configured to use GS2-KRB5
4. expectation is that authentication should not be successful, because channel binding
GS2-KRB5-PLUS should be used.