[jboss-jira] [JBoss JIRA] (SECURITY-899) Probable error code in SPNEGOLoginModule
Victor Neves (JIRA)
issues at jboss.org
Tue Jul 21 12:45:04 EDT 2015
Victor Neves created SECURITY-899:
-------------------------------------
Summary: Probable error code in SPNEGOLoginModule
Key: SECURITY-899
URL: https://issues.jboss.org/browse/SECURITY-899
Project: PicketBox
Issue Type: Bug
Components: Negotiation
Affects Versions: Negotiation_2_3_7_Final, Negotiation_2_2_11
Reporter: Victor Neves
Assignee: Darran Lofthouse
Priority: Minor
Hi, first, sorry for my bad English... so, here goes!
I'm testing the JBoss Negotiation Toolkit, and I configured my JBoss like https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/Security_Guide/chap-Authentication_and_Authorization.html , but I receive this error:
{quote}DEBUG [org.jboss.security] (http-/0.0.0.0:8080-1) PBOX000206: Login failure: javax.security.auth.login.LoginException: No NegotiationContext and no usernamePasswordDomain defined.{quote}
Looking into the source code, I saw:
{quote}
protected Object innerLogin() throws LoginException
{
   NegotiationContext negotiationContext = NegotiationContext.getCurrentNegotiationContext();
   if (negotiationContext == null)
   {
      {color:red} if (usernamePasswordDomain == null){color}
      {
         throw new LoginException("No NegotiationContext and no usernamePasswordDomain defined.");
      }
      return usernamePasswordLogin();
   }
   else
   {
      return spnegoLogin(negotiationContext);
   }
}{quote}
But the documentation doesn't say anything about _usernamePasswordDomain_ !! And in the first IF the _negotiationContext_ ALWAYS returns NULL !! I don't know if it's a bug ...
This is my configuration in JBoss EAP 6.3:
{quote}
<security-domain name="kerberos" cache-type="default">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="true"/>
            <module-option name="principal" value="victor at MY_REALM.BR"/>
            <module-option name="keyTab" value="C:\desenvolvimento\webserver\appserver.keytab"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="SPNEGO" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="serverSecurityDomain" value="kerberos"/>
        </login-module>
        <login-module code="org.jboss.security.negotiation.AdvancedLdapLoginModule" flag="required">
            <module-option name="allowEmptyPasswords" value="true"/>
            <module-option name="throwValidateError" value="true"/>
            <module-option name="searchTimeLimit" value="5000"/>
            <module-option name="baseCtxDN" value="ou=People,o=victor,dc=xxx,dc=yyy"/>
            <module-option name="baseFilter" value="(uid= 0 )"/>
            <module-option name="roleAttributeIsDN" value="true"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="roleNameAttributeID" value="cn"/>
            <module-option name="java.naming.provider.url" value="ldap://xx.xxx.xx.xx:389"/>
            <module-option name="roleFilter" value="(uniqueMember=uid= 0,ou=People,o=victor,dc=xxx,dc=yyy)"/>
            <module-option name="rolesCtxDN" value="cn=SIABC,ou=Groups,o=victor,dc=xxx,dc=yyy"/>
        </login-module>
    </authentication>
</security-domain>
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)