[jboss-jira] [JBoss JIRA] (WFLY-8799) Remoting connection sharing causes authentication failures - DIGEST SASL mechanism

Josef Cacek (JIRA) issues at jboss.org
Wed May 17 13:34:01 EDT 2017


Josef Cacek created WFLY-8799:
---------------------------------

             Summary: Remoting connection sharing causes authentication failures - DIGEST SASL mechanism
                 Key: WFLY-8799
                 URL: https://issues.jboss.org/browse/WFLY-8799
             Project: WildFly
          Issue Type: Bug
          Components: Remoting, Security
            Reporter: Josef Cacek
            Assignee: David Lloyd
            Priority: Blocker


Server rejects DIGEST SASL authentication in some cases when an existing remoting connection is reused. It seems the protocol name is not updated or matched correctly. The root cause of the problem is moreover hidden due to JBEAP-10953.
Clients just get:
{noformat}
Caused by: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication
	at org.jboss.remoting3.ConnectionPeerIdentityContext.doAuthenticate(ConnectionPeerIdentityContext.java:340)
	at org.jboss.remoting3.ConnectionPeerIdentityContext.authenticate(ConnectionPeerIdentityContext.java:178)
	at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:478)
	at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:467)
        ...
{noformat}

The hidden exception stack trace is:
{noformat}
javax.security.sasl.SaslException: ELY05088: [DIGEST-MD5] digest-uri "remote+http/doma" not accepted
	at org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:239)
	at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:355)
	at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
	at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:328)
	at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
	at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
	at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
	at org.jboss.remoting3.ConnectionImpl.lambda$receiveAuthResponse$3(ConnectionImpl.java:273)
	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:897)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
{noformat}

We hit this problem as an intermittent failure in the AS testsuite.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
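
The ELY05088 rejection in the report comes from the DIGEST-MD5 digest-uri check, where RFC 2831 defines digest-uri as serv-type "/" host [ "/" serv-name ]. The following is an added illustration, not part of the original report and not Elytron's code. It is a simplified model of that check, and the server-side protocol name `remote` is a hypothetical stale value chosen to show how a protocol mismatch on a reused connection produces this error.

```java
// Added example: simplified model of the RFC 2831 digest-uri check, not Elytron's code.
public class DigestUriCheck {

    /**
     * Checks digest-uri = serv-type "/" host [ "/" serv-name ] against what the
     * server-side SASL participant was created with.
     * Returns null when accepted, otherwise the reason for rejection.
     */
    static String validate(String digestUri, String serverProtocol, String serverName) {
        String[] parts = digestUri.split("/", 3);
        if (parts.length < 2 || parts[0].isEmpty() || parts[1].isEmpty()) {
            return "malformed digest-uri";
        }
        // Assumption: serv-type is compared exactly; host names case-insensitively.
        if (!parts[0].equals(serverProtocol)) {
            return "serv-type \"" + parts[0] + "\" does not match server protocol \""
                    + serverProtocol + "\"";
        }
        if (!parts[1].equalsIgnoreCase(serverName)) {
            return "host \"" + parts[1] + "\" does not match server name \""
                    + serverName + "\"";
        }
        return null;
    }

    public static void main(String[] args) {
        // digest-uri taken from the ELY05088 message in the report.
        String fromClient = "remote+http/doma";

        // Constructed server-side states. "remote" is a hypothetical protocol name
        // left over from an earlier use of the shared connection.
        String[][] serverStates = {
            {"remote+http", "doma"},   // protocol matches the client's
            {"remote", "doma"},        // stale protocol on a reused connection
        };

        for (String[] state : serverStates) {
            String reason = validate(fromClient, state[0], state[1]);
            System.out.printf("server protocol=%-12s -> %s%n", state[0],
                    reason == null ? "accepted" : "rejected: " + reason);
        }
        // A malformed value is rejected before any comparison.
        System.out.println(validate("remote+http", "remote+http", "doma"));
    }
}
```

When triaging a rejection like this, the serv-type in the logged digest-uri is the value to compare against the protocol the shared connection was first opened with.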

