[jboss-jira] [JBoss JIRA] (WFCORE-2380) JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism

Jan Kalina (JIRA) issues at jboss.org
Sun Apr 2 03:37:00 EDT 2017 

    [ https://issues.jboss.org/browse/WFCORE-2380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13378600#comment-13378600 ] 

Jan Kalina edited comment on WFCORE-2380 at 4/2/17 3:36 AM:
------------------------------------------------------------

Adding configurable-sasl-server-factory necessary, or trying individual mechanisms exceeds 8 allowed authentication attemps:
{code:xml}
<configurable-sasl-server-factory name="elytronConfigurableSasl" sasl-server-factory="global">
    <filters>
        <filter>
            <pattern-filter value="PLAIN"/>
        </filter>
    </filters>
</configurable-sasl-server-factory>
{code}
Only considerable improvement could be automatic filtering in sasl-authentication-factory by configured mechanisms - but *mechanism-name* is optional here, so it would work only when it would be specified for all *<mechanism>*.
[~dlofthouse] What do you thing about solution using automatic filtering when mechanism-name for all configurations specified?


was (Author: honza889):
Adding configurable-sasl-server-factory necessary, or individual mechanism exceeds 8 allowed authentication attemps:
{code:xml}
<configurable-sasl-server-factory name="elytronConfigurableSasl" sasl-server-factory="global">
    <filters>
        <filter>
            <pattern-filter value="PLAIN"/>
        </filter>
    </filters>
</configurable-sasl-server-factory>
{code}
Only considerable improvement could be automatic filtering in sasl-authentication-factory by configured mechanisms - but mechanism name is optional here, so it would work only when it would be specified for all <mechanism>.

> JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism
> ----------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-2380
>                 URL: https://issues.jboss.org/browse/WFCORE-2380
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Ondrej Lukas
>            Assignee: Jan Kalina
>            Priority: Blocker
>
> In case when PLAIN mechanism is used for Elytron SASL factories used by any of management-interfaces then JBoss CLI is not able to connect to the server. This issue happens with http-interface as well as native-interface. See Steps to Reproduce for more details.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list