[jboss-jira] [JBoss JIRA] (WFLY-8900) Regression in DR19, Elytron unable to authenticate with kerberos using jboss-cli

Martin Choma (JIRA) issues at jboss.org
Tue Jun 6 09:06:00 EDT 2017 

Martin Choma created WFLY-8900:
----------------------------------

             Summary: Regression in DR19, Elytron unable to authenticate with kerberos using jboss-cli
                 Key: WFLY-8900
                 URL: https://issues.jboss.org/browse/WFLY-8900
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Martin Choma
            Assignee: Darran Lofthouse
            Priority: Blocker


Trying to connect with jboss-cli to server using kerberos leads to error 

{code}
14:41:22,654 TRACE [org.wildfly.security.sasl.gssapi.server] (management task-7) Client selected security layer AUTH, with maxBuffer of 65536
14:41:22,655 TRACE [org.jboss.remoting.remote.server] (management task-7) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05123: [GSSAPI] No security layer selected but message length received
	at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateMessage(GssapiServer.java:245)
	at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
	at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateResponse(GssapiServer.java:121)
	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
	at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
	at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:470)
	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:902)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
{code}

Error message is little bit confusing as previous log message claims AUTH security layer is selected.

Looking into code does not reveal meaning to me neither.
{code:java|title=GssapiServer.java}
	log.tracef("Client selected security layer %s, with maxBuffer of %d", selectedQop, maxBuffer);
	if (relaxComplianceChecks == false && selectedQop == QOP.AUTH && maxBuffer != 0) {
	    throw log.mechNoSecurityLayerButLengthReceived(getMechanismName()).toSaslException();
	}
{code}




--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list