[jboss-jira] [JBoss JIRA] (WFCORE-1332) Referrals 'throw' does not work correctly for ldap authentication to mgmt console with MS Active Directory
Ivo Studensky (JIRA)
issues at jboss.org
Thu Sep 22 08:09:00 EDT 2016
[ https://issues.jboss.org/browse/WFCORE-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivo Studensky reassigned WFCORE-1332:
-------------------------------------
Assignee: Ivo Studensky (was: Darran Lofthouse)
> Referrals 'throw' does not work correctly for ldap authentication to mgmt console with MS Active Directory
> ----------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-1332
> URL: https://issues.jboss.org/browse/WFCORE-1332
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 2.0.7.Final
> Reporter: Ondrej Lukas
> Assignee: Ivo Studensky
>
> When a crossRef object to a different domain is configured on MS Active Directory for handling referrals, and JBoss EAP 7 uses LDAP authentication to the mgmt console with referrals configured as 'throw', authentication fails for referral users. This is inconsistent with the behavior of EAP with other LDAP providers (e.g. Red Hat Directory Server). With correct behavior, authentication should pass.
> It seems it is caused by an LdapReferralException thrown in the search method of org.jboss.as.domain.management.security.LdapUserSearcherFactory.LdapUserSearcherImpl before it is handled by the try-catch block. Stack trace of the thrown LdapReferralException:
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2975)
> com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
> com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
> com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
> com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786)
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418)
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396)
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:378)
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
> org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:125)
> org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:66)
> org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:225)
> org.jboss.as.domain.management.security.UserLdapCallbackHandler$LdapCallbackHandler.handle(UserLdapCallbackHandler.java:205)
> org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:178)
> org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:162)
> org.jboss.as.domain.http.server.security.RealmIdentityManager.verify(RealmIdentityManager.java:141)
> io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:118)
> org.jboss.as.domain.http.server.security.AuthenticationMechanismWrapper.authenticate(AuthenticationMechanismWrapper.java:52)
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
> io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
> io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
> io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
> io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
> io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50)
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> java.lang.Thread.run(Thread.java:745)
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
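
An added example, not WildFly's code and not the fix for this issue: one way to handle referral mode 'throw' with plain JNDI so that an LdapReferralException raised by search() itself, as in the stack trace above, is caught along with one raised during iteration. The class and helper names, the hop limit and the host allow-list are hypothetical, and the caller is assumed to pass a DirContext created with Context.REFERRAL set to "throw".

```java
import java.net.URI;
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapReferralException;

public class ReferralThrowSearch {
    static final int MAX_HOPS = 5; // assumed cap on chained referrals
    // Constructed allow-list: the referral context reuses the original environment (bind credentials included).
    static final Set<String> TRUSTED_HOSTS = Set.of("dc1.example.test", "dc2.example.test");

    static boolean trusted(Object referralInfo) {
        try {
            String host = URI.create(String.valueOf(referralInfo)).getHost();
            return host != null && TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (IllegalArgumentException malformed) {
            return false; // unparsable referral URL: fail closed
        }
    }

    /** Hypothetical helper: DNs of matching entries, following 'throw' referrals by hand. */
    static List<String> findUserDns(DirContext ctx, String base, String filter, Object[] args)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        List<String> dns = new ArrayList<>();
        DirContext current = ctx;
        try {
            for (int hops = 0; ; hops++) {
                try {
                    // search() itself can throw the referral, not only hasMore(),
                    // so both calls sit inside the same try block.
                    NamingEnumeration<SearchResult> results = current.search(base, filter, args, controls);
                    while (results.hasMore()) {
                        dns.add(results.next().getNameInNamespace());
                    }
                    return dns;
                } catch (LdapReferralException e) {
                    if (hops >= MAX_HOPS || !trusted(e.getReferralInfo())) throw e;
                    DirContext next = (DirContext) e.getReferralContext();
                    if (current != ctx) current.close();
                    current = next; // re-run the same search against the referred server
                }
            }
        } finally {
            if (current != ctx) current.close(); // caller keeps ownership of ctx
        }
    }
}
```

An untrusted or over-long referral chain rethrows the exception, so authentication fails closed instead of binding to an unexpected server.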