[jboss-jira] [JBoss JIRA] (ELY-1995) AggregateRealm is failing in authentication with token-realm

Farah Juma (Jira) issues at jboss.org
Thu Jun 11 11:17:26 EDT 2020


     [ https://issues.redhat.com/browse/ELY-1995?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma updated ELY-1995:
----------------------------


> AggregateRealm is failing in authentication with token-realm
> ------------------------------------------------------------
>
>                 Key: ELY-1995
>                 URL: https://issues.redhat.com/browse/ELY-1995
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Major
>
> Authentication is failing when token-realm is set as an authentication-realm in aggregate-realm and ldap-realm is set as the authorization realm.
> It is found that {{AggregateSecurityRealm#getRealmIdentity}} is attempting to get the realm identity to be used for authentication using the JWT realm and it attempts to get the realm identity to be used for authorization using the LDAP realm. In both cases, the {{BearerTokenEvidence}} is being used to try to obtain the realm identity. The problem with this is that the {{LdapSecurityRealm}} won't be able to obtain the principal from the {{BearerTokenEvidence}} so the {{authorizationIdentity}} will just be the {{RealmIdentity.NON_EXISTENT}} identity, resulting in the "User does not exist" error.
> {panel}
> 2020-06-11 08:51:06,767 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='BEARER_TOKEN' host-name='localhost' protocol='http'
> 2020-06-11 08:51:06,769 TRACE [org.wildfly.security] (default task-1) Evidence verification: evidence = org.wildfly.security.evidence.BearerTokenEvidence@2587e47f  evidencePrincipal = null
> 2020-06-11 08:51:06,782 DEBUG [org.wildfly.security] (default task-1) Token is using algorithm [RS256]
> 2020-06-11 08:51:06,789 DEBUG [org.wildfly.security] (default task-1) Token is using algorithm [RS256]
> 2020-06-11 08:51:06,792 TRACE [org.wildfly.security] (default task-1) BEARER_TOKEN: org.wildfly.security.http.HttpAuthenticationException: ELY05053: Callback handler failed for unknown reason
> 	at org.wildfly.security.mechanism._private.MechanismUtil.handleCallbacks(MechanismUtil.java:161)
> 	... 41 more
> {panel}
>  



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
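
The lookup behaviour described in the report, as an added Java model that is not part of the original message and is not WildFly Elytron code. `Evidence`, `Identity`, `Realm`, the `valid:` token format and both lookup methods are hypothetical stand-ins; `principalLookup` is an assumed alternative shown for contrast, not the fix adopted for ELY-1995.

```java
import java.util.Map;

// Simplified stand-ins for the types named in the report; not the project's code.
public class AggregateLookupDemo {
    // Models BearerTokenEvidence: carries a token, no principal attached.
    record Evidence(String token) {}
    record Identity(String principal, boolean exists) {
        static final Identity NON_EXISTENT = new Identity(null, false);
    }
    interface Realm {
        Identity byPrincipal(String name);
        Identity byEvidence(Evidence e);
    }

    // Token realm: validates the token and derives the principal from it.
    static final Realm TOKEN = new Realm() {
        public Identity byPrincipal(String n) { return Identity.NON_EXISTENT; }
        public Identity byEvidence(Evidence e) {
            return e.token().startsWith("valid:")
                ? new Identity(e.token().substring(6), true) : Identity.NON_EXISTENT;
        }
    };
    // Directory realm: resolves identities by name only, cannot read a token.
    static final Realm LDAP = new Realm() {
        final Map<String, String> dir = Map.of("alice", "admin"); // constructed entry
        public Identity byPrincipal(String n) {
            return dir.containsKey(n) ? new Identity(n, true) : Identity.NON_EXISTENT;
        }
        public Identity byEvidence(Evidence e) { return Identity.NON_EXISTENT; }
    };

    // Behaviour described in the report: the same evidence is handed to both realms,
    // so the authorization identity is always NON_EXISTENT.
    static boolean reportedLookup(Evidence e) {
        return TOKEN.byEvidence(e).exists() && LDAP.byEvidence(e).exists();
    }
    // Assumed alternative: authenticate first, then query the authorization realm
    // with the principal the token realm resolved. A rejected token stops at authn.
    static boolean principalLookup(Evidence e) {
        Identity authn = TOKEN.byEvidence(e);
        return authn.exists() && LDAP.byPrincipal(authn.principal()).exists();
    }

    public static void main(String[] args) {
        Evidence e = new Evidence("valid:alice"); // constructed sample, not a real JWT
        System.out.println("evidence to both realms:  " + reportedLookup(e));
        System.out.println("principal to authz realm: " + principalLookup(e));
    }
}
```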


