[jboss-jira] [JBoss JIRA] (WFLY-8194) JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism
Ondrej Lukas (JIRA)
issues at jboss.org
Wed Feb 22 06:53:00 EST 2017
[ https://issues.jboss.org/browse/WFLY-8194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ondrej Lukas updated WFLY-8194:
-------------------------------
Steps to Reproduce:
1) Add user - add following line to {{standalone/configuration/mgmt-users.properties}}
{code}
user1=pass at 123
{code}
2) Configure application server:
{code}
/subsystem=elytron/sasl-authentication-factory=elytronSaslAuthnFactory:add(security-domain=ManagementDomain,sasl-server-factory=global,mechanism-configurations=[{mechanism-name=PLAIN}])
/subsystem=elytron/properties-realm=ManagementRealm:write-attribute(name=users-properties.plain-text,value=true)
{code}
3) Change http-interface to following:
{code}
<http-interface http-authentication-factory="management-http-authentication">
<http-upgrade enabled="true" sasl-authentication-factory="elytronSaslAuthnFactory"/>
<socket-binding http="management-http"/>
</http-interface>
{code}
4) try to authenticate to jboss CLI:
{code}
./jboss-cli.sh -c -u=user1 -p=pass at 123 --no-local-auth
Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: JBREM000202: Abrupt close on Remoting connection 25b770fb to localhost/127.0.0.1:9990 of endpoint "cli-client" <5a992706>
{code}
was:
These steps work correctly with EAP 7.1.0.DR11, but fail with EAP 7.1.0.DR12:
1) Add user - add following line to {{standalone/configuration/mgmt-users.properties}}
{code}
user1=pass at 123
{code}
2) Configure application server:
{code}
/subsystem=elytron/sasl-authentication-factory=elytronSaslAuthnFactory:add(security-domain=ManagementDomain,sasl-server-factory=global,mechanism-configurations=[{mechanism-name=PLAIN}])
/subsystem=elytron/properties-realm=ManagementRealm:write-attribute(name=users-properties.plain-text,value=true)
{code}
3) Change http-interface to following:
{code}
<http-interface http-authentication-factory="management-http-authentication">
<http-upgrade enabled="true" sasl-authentication-factory="elytronSaslAuthnFactory"/>
<socket-binding http="management-http"/>
</http-interface>
{code}
4) try to authenticate to jboss CLI:
{code}
./jboss-cli.sh -c -u=user1 -p=pass at 123 --no-local-auth
Failed to connect to the controller: The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: WFLYPRT0053: Could not connect to remote+http://localhost:9990. The connection failed: JBREM000202: Abrupt close on Remoting connection 25b770fb to localhost/127.0.0.1:9990 of endpoint "cli-client" <5a992706>
{code}
> JBoss CLI is not able to connect to interface secured by Elytron SASL factories with PLAIN mechanism
> ----------------------------------------------------------------------------------------------------
>
> Key: WFLY-8194
> URL: https://issues.jboss.org/browse/WFLY-8194
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Ondrej Lukas
> Assignee: Darran Lofthouse
> Priority: Blocker
>
> In case when PLAIN mechanism is used for Elytron SASL factories used by any of management-interfaces then JBoss CLI is not able to connect to the server. This issue happens with http-interface as well as native-interface. See Steps to Reproduce for more details.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list