[jboss-jira] [JBoss JIRA] (SECURITY-899) Probable error code in SPNEGOLoginModule
Darran Lofthouse (JIRA)
issues at jboss.org
Tue Aug 21 08:05:00 EDT 2018
[ https://issues.jboss.org/browse/SECURITY-899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse reassigned SECURITY-899:
-----------------------------------------
Assignee: (was: Darran Lofthouse)
> Probable error code in SPNEGOLoginModule
> ----------------------------------------
>
> Key: SECURITY-899
> URL: https://issues.jboss.org/browse/SECURITY-899
> Project: PicketBox
> Issue Type: Bug
> Components: Negotiation
> Affects Versions: Negotiation_2_2_11, Negotiation_2_3_7_Final
> Reporter: Victor Neves
> Priority: Minor
>
> Hi, first, sorry for my bad English... so, here goes!
> I'm testing JBoss Negotiation Toolkit, and I configured my JBoss like https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/Security_Guide/chap-Authentication_and_Authorization.html, but I receive this error:
> {quote}DEBUG [org.jboss.security] (http-/0.0.0.0:8080-1) PBOX000206: Login failure: javax.security.auth.login.LoginException: No NegotiationContext and no usernamePasswordDomain defined.{quote}
> Looking into the source code, I saw:
> {quote}
> protected Object innerLogin() throws LoginException
> {
>    NegotiationContext negotiationContext = NegotiationContext.getCurrentNegotiationContext();
>    if (negotiationContext == null)
>    {
>       {color:red}if (usernamePasswordDomain == null){color}
>       {
>          throw new LoginException("No NegotiationContext and no usernamePasswordDomain defined.");
>       }
>       return usernamePasswordLogin();
>    }
>    else
>    {
>       return spnegoLogin(negotiationContext);
>    }
> }
> {quote}
> But the documentation doesn't say anything about _usernamePasswordDomain_!! And in the first IF the _negotiationContext_ ALWAYS returns NULL!! I don't know if it's a bug ...
> This is my configuration in JBoss EAP 6.3:
> {quote}
> <security-domain name="kerberos" cache-type="default">
>   <authentication>
>     <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
>       <module-option name="storeKey" value="true"/>
>       <module-option name="useKeyTab" value="true"/>
>       <module-option name="doNotPrompt" value="true"/>
>       <module-option name="debug" value="true"/>
>       <module-option name="principal" value="victor@MY_REALM.BR"/>
>       <module-option name="keyTab" value="C:\desenvolvimento\webserver\appserver.keytab"/>
>     </login-module>
>   </authentication>
> </security-domain>
> <security-domain name="SPNEGO" cache-type="default">
>   <authentication>
>     <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
>       <module-option name="password-stacking" value="useFirstPass"/>
>       <module-option name="serverSecurityDomain" value="kerberos"/>
>     </login-module>
>     <login-module code="org.jboss.security.negotiation.AdvancedLdapLoginModule" flag="required">
>       <module-option name="allowEmptyPasswords" value="true"/>
>       <module-option name="throwValidateError" value="true"/>
>       <module-option name="searchTimeLimit" value="5000"/>
>       <module-option name="baseCtxDN" value="ou=People,o=victor,dc=xxx,dc=yyy"/>
>       <module-option name="baseFilter" value="(uid={0})"/>
>       <module-option name="roleAttributeIsDN" value="true"/>
>       <module-option name="roleAttributeID" value="cn"/>
>       <module-option name="roleNameAttributeID" value="cn"/>
>       <module-option name="java.naming.provider.url" value="ldap://xx.xxx.xx.xx:389"/>
>       <module-option name="roleFilter" value="(uniqueMember=uid={0},ou=People,o=victor,dc=xxx,dc=yyy)"/>
>       <module-option name="rolesCtxDN" value="cn=SIABC,ou=Groups,o=victor,dc=xxx,dc=yyy"/>
>     </login-module>
>   </authentication>
> </security-domain>
> {quote}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
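
A configuration check for the condition in the quoted innerLogin(), as an added example that is not part of the original report or of PicketBox: it flags an SPNEGOLoginModule entry with no usernamePasswordDomain option, where a login without a NegotiationContext ends in the LoginException quoted above. It assumes the module option carries the same name as the field in the quoted code and that referenced security domains are defined in the same XML fragment; the sample input is constructed from the reporter's configuration.

```python
import xml.etree.ElementTree as ET

SPNEGO = "org.jboss.security.negotiation.spnego.SPNEGOLoginModule"

# Constructed sample: the reporter's two domains, trimmed and wrapped in a root element.
SAMPLE = """<security-domains>
  <security-domain name="kerberos">
    <authentication>
      <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required"/>
    </authentication>
  </security-domain>
  <security-domain name="SPNEGO">
    <authentication>
      <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
        <module-option name="password-stacking" value="useFirstPass"/>
        <module-option name="serverSecurityDomain" value="kerberos"/>
      </login-module>
    </authentication>
  </security-domain>
</security-domains>"""


def _find(parent, name):
    """Return descendants by local tag name, ignoring any XML namespace."""
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit_spnego(xml_text):
    """Return (domain, finding) tuples for every SPNEGOLoginModule in the config."""
    root = ET.fromstring(xml_text)
    domains = {d.get("name") for d in _find(root, "security-domain")}
    findings = []
    for domain in _find(root, "security-domain"):
        for module in _find(domain, "login-module"):
            if module.get("code") != SPNEGO:
                continue
            opts = {o.get("name"): o.get("value") for o in _find(module, "module-option")}
            server = opts.get("serverSecurityDomain")
            if server not in domains:
                findings.append((domain.get("name"), f"serverSecurityDomain {server!r} is not defined"))
            fallback = opts.get("usernamePasswordDomain")
            if fallback is None:  # the branch that throws in the quoted innerLogin()
                findings.append((domain.get("name"), "no usernamePasswordDomain: login without a NegotiationContext throws LoginException"))
            elif fallback not in domains:
                findings.append((domain.get("name"), f"usernamePasswordDomain {fallback!r} is not defined"))
    return findings


if __name__ == "__main__":
    print(audit_spnego(SAMPLE))
```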