[jboss-jira] [JBoss JIRA] (WFLY-8914) SPNEGOLoginModuleTestCase#testIdentityPropagation fails with IBM on some machines

Martin Choma (JIRA) issues at jboss.org
Fri Jun 9 01:15:00 EDT 2017 

Martin Choma created WFLY-8914:
----------------------------------

             Summary: SPNEGOLoginModuleTestCase#testIdentityPropagation fails with IBM on some machines
                 Key: WFLY-8914
                 URL: https://issues.jboss.org/browse/WFLY-8914
             Project: WildFly
          Issue Type: Bug
          Components: Test Suite
    Affects Versions: 11.0.0.Alpha1
            Reporter: Martin Choma
            Priority: Minor


IBM java sends address in delegated kerberos ticket. ApacheDS includes this address into ticket and check that address with address of client (taken from connection). On some machines, these addresses doesn't match. 

Those are machines when there are several virtual IPs and if node0 is set to non-first IP address, ApacheDS address check fails.

See details in https://issues.apache.org/jira/browse/DIRSERVER-2156

{code}
15:14:11,302 ERROR [io.undertow.request] (default task-32) UT005023: Exception handling request to /f1eb2aa6-5139-4bce-bad8-ad9a49d3912f/protected/PropagateIdentityServlet: javax.servlet.ServletException: Propagation failed.
	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:87)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:792)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.lang.Thread.run(Thread.java:785)
Caused by: org.ietf.jgss.GSSException, major code: 11, minor code: 0
	major string: General failure, unspecified at GSSAPI level
	minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.KrbException, status code: 38
	message: Incorrect net address
	at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:33)
	at com.ibm.security.jgss.mech.krb5.g.a(g.java:23)
	at com.ibm.security.jgss.mech.krb5.g.initSecContext(g.java:814)
	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:337)
	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:437)
	at org.jboss.eapqe.krbldap.utils.krb.GSSTestClient.getName(GSSTestClient.java:100)
	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:85)
	... 32 more
{code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list