[jboss-jira] [JBoss JIRA] (WFLY-8847) SPNEGOLoginModuleTestCase#testIdentityPropagation fails with IBM on some machines

Martin Choma (JIRA) issues at jboss.org
Fri May 26 03:59:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFLY-8847?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Choma updated WFLY-8847:
-------------------------------
    Steps to Reproduce: 
1. find name of your interface 
{code}ip -4 addr{code}
2. retgister 2 virtual IP addresses
{code}
sudo ifconfig enp0s25:0 192.168.1.16    
sudo ifconfig enp0s25:1 192.168.1.17
{code}
3. Configure IBM java on path
4. Run testsuite with second virtual address
{code}./integration-tests.sh -Dmaven.test.failure.ignore=true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile=false -Dnode0=192.168.1.17{code}


  was:
1. find name of your interface 
{code}ip -4 addr{code}
2. retgister 2 virtual IP addresses
{code}
sudo ifconfig enp0s25:0 192.168.1.16    
sudo ifconfig enp0s25:1 192.168.1.17
{code}
3. Configure IBM java on path
4. {code}./integration-tests.sh -Dmaven.test.failure.ignore=true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile=false -Dnode0=192.168.1.17{code}




> SPNEGOLoginModuleTestCase#testIdentityPropagation fails with IBM on some machines
> ---------------------------------------------------------------------------------
>
>                 Key: WFLY-8847
>                 URL: https://issues.jboss.org/browse/WFLY-8847
>             Project: WildFly
>          Issue Type: Bug
>          Components: Test Suite
>    Affects Versions: 11.0.0.Alpha1
>            Reporter: Martin Choma
>            Priority: Minor
>
> IBM java sends address in delegated kerberos ticket. ApacheDS includes this address into ticket and check that address with address of client (taken from connection). On some machines, these addresses doesn't
> match. 
> Those are machines when there are several virtual IPs and if node0 is set to non-first IP address, ApacheDS address check fails.
> See details in https://issues.apache.org/jira/browse/DIRSERVER-2156
> {code}
> 15:14:11,302 ERROR [io.undertow.request] (default task-32) UT005023: Exception handling request to /f1eb2aa6-5139-4bce-bad8-ad9a49d3912f/protected/PropagateIdentityServlet: javax.servlet.ServletException: Propagation failed.
> 	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:87)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
> 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
> 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
> 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
> 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
> 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
> 	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
> 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
> 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
> 	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
> 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
> 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
> 	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
> 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
> 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
> 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
> 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
> 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
> 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
> 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:792)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> 	at java.lang.Thread.run(Thread.java:785)
> Caused by: org.ietf.jgss.GSSException, major code: 11, minor code: 0
> 	major string: General failure, unspecified at GSSAPI level
> 	minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.KrbException, status code: 38
> 	message: Incorrect net address
> 	at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:33)
> 	at com.ibm.security.jgss.mech.krb5.g.a(g.java:23)
> 	at com.ibm.security.jgss.mech.krb5.g.initSecContext(g.java:814)
> 	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:337)
> 	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:437)
> 	at org.jboss.eapqe.krbldap.utils.krb.GSSTestClient.getName(GSSTestClient.java:100)
> 	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:85)
> 	... 32 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list