[jboss-jira] [JBoss JIRA] (WFCORE-3044) Remoting connection sharing causes authentication failures - DIGEST SASL mechanism
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Jul 7 12:31:00 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-3044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse moved WFLY-8799 to WFCORE-3044:
------------------------------------------------
Project: WildFly Core (was: WildFly)
Key: WFCORE-3044 (was: WFLY-8799)
Component/s: Remoting
Security
(was: Remoting)
(was: Security)
> Remoting connection sharing causes authentication failures - DIGEST SASL mechanism
> ----------------------------------------------------------------------------------
>
> Key: WFCORE-3044
> URL: https://issues.jboss.org/browse/WFCORE-3044
> Project: WildFly Core
> Issue Type: Bug
> Components: Remoting, Security
> Reporter: Josef Cacek
> Assignee: David Lloyd
> Priority: Blocker
> Fix For: 3.0.0.Beta29
>
>
> Server rejects DIGEST SASL authentication in some cases when an existing remoting connection is reused. It seems the protocol name is not updated or matched correctly. The root cause of the problem is moreover hidden due to JBEAP-10953.
> Clients just get:
> {noformat}
> Caused by: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication
> at org.jboss.remoting3.ConnectionPeerIdentityContext.doAuthenticate(ConnectionPeerIdentityContext.java:340)
> at org.jboss.remoting3.ConnectionPeerIdentityContext.authenticate(ConnectionPeerIdentityContext.java:178)
> at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:478)
> at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:467)
> ...
> {noformat}
> The hidden exception stack trace is:
> {noformat}
> javax.security.sasl.SaslException: ELY05088: [DIGEST-MD5] digest-uri "remote+http/doma" not accepted
> at org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:239)
> at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:355)
> at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
> at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:328)
> at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
> at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
> at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
> at org.jboss.remoting3.ConnectionImpl.lambda$receiveAuthResponse$3(ConnectionImpl.java:273)
> at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:897)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> {noformat}
> We hit this problem as an intermittent failure in the AS testsuite.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list