[jboss-jira] [JBoss JIRA] (ELY-1940) Elytron LDAP Squashes Authentication Exception

Darran Lofthouse (Jira) issues at jboss.org
Tue Mar 17 11:24:36 EDT 2020


     [ https://issues.redhat.com/browse/ELY-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse updated ELY-1940:
----------------------------------
    Fix Version/s: 1.12.0.CR1


> Elytron LDAP Squashes Authentication Exception
> ----------------------------------------------
>
>                 Key: ELY-1940
>                 URL: https://issues.redhat.com/browse/ELY-1940
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Mechanisms
>            Reporter: Lin Gao
>            Assignee: Lin Gao
>            Priority: Major
>              Labels: downstream_dependency, elytron, ldap, logging
>             Fix For: 1.6.6.Final, 1.12.0.CR1
>
>
> Trace logging shows:
> {code}
> 2020-03-10 13:51:38,549 DEBUG [org.wildfly.security] (management task-1) Found entry [uid=dguthrie,ou=users,dc=example,dc=com].
> 2020-03-10 13:51:38,550 DEBUG [org.wildfly.security] (management task-1) Identity for principal [dguthrie] found at [uid=dguthrie,ou=users,dc=example,dc=com].
> 2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Credential direct evidence verification failed. DN: [uid=dguthrie,ou=users,dc=example,dc=com]
> 2020-03-10 13:51:38,581 DEBUG [org.wildfly.security] (management task-1) Context [javax.naming.ldap.InitialLdapContext@25061db2] was closed. Connection closed or just returned to the pool.
> 2020-03-10 13:51:38,581 TRACE [org.wildfly.security] (management task-1) Handling AuthenticationCompleteCallback: fail
> 2020-03-10 13:51:38,582 TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified
> {code}
>   
> Where "Credential direct evidence verification failed. DN [uid=dguthrie,ou=users,dc=example,dc=com]" is missing the exception or even a reason.
> In DirectEvidenceVerifier.java around line 102 in the Exception handler it has
> {code}
> log.debugf("Credential direct evidence verification failed. DN: [%s]", distinguishedName,e);
> {code}
> In this case, the "e" is the exception, but that parameter position is for the string formatting for which there is no token in the formatter.  I believe what they meant to write was:
> {code}
> log.debugf(e, "Credential direct evidence verification failed. DN: [%s]", distinguishedName);
> {code}
> See [GitHub|https://github.com/jbossas/wildfly-elytron/blob/96c2273dc0503a23d153b25b3eb55de986e53003/src/main/java/org/wildfly/security/auth/realm/ldap/DirectEvidenceVerifier.java#L102]
> where the first parameter is the exception.  A customer is migrating from legacy to elytron, and they have been using the LDAP error codes in the log for their internal IT to help figure out why people failed login. It's also invaluable for support.



--
This message was sent by Atlassian Jira
(v7.13.8#713008)
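
An added example, not part of the original report or of the Elytron code base: a small Python check that scans Java source for the bug class described above, a jboss-logging `*f` call that passes more trailing arguments than the format string has tokens, so the extra argument (here the exception) never reaches the log. It assumes single-line calls with a literal format string and no explicit argument indexes; `SAMPLE` and the function names are constructed for illustration.

```python
import re

# jboss-logging printf-style methods: tracef, debugf, infof, warnf, errorf, fatalf.
CALL = re.compile(r'\b\w+\.(?:trace|debug|info|warn|error|fatal)f\((.*)\)\s*;')
# One java.util.Formatter conversion; the group captures the conversion character.
SPEC = re.compile(r'%(?:\d+\$)?[-#+ 0,(]*\d*(?:\.\d+)?([a-zA-Z%])')
# A Java string literal, including escaped quotes.
STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def split_args(text):
    """Split a Java argument list on top-level commas; literals are masked first."""
    literals = iter(STRING.findall(text))
    args, cur, depth = [], [], 0
    for ch in STRING.sub('"', text) + ',':
        if ch == ',' and depth == 0:
            args.append(''.join(cur).strip())
            cur = []
        else:
            depth += (ch in '([{') - (ch in ')]}')
            cur.append(ch)
    return [re.sub('"', lambda _: next(literals), a) for a in args]

def find_dropped_args(java_source):
    """Return (line number, dropped arguments) for each over-supplied *f call."""
    findings = []
    for lineno, line in enumerate(java_source.splitlines(), 1):
        m = CALL.search(line)
        args = split_args(m.group(1)) if m else []
        fmt = next((i for i, a in enumerate(args) if a.startswith('"')), None)
        if fmt is None:
            continue
        # %% and %n print text without consuming an argument.
        needed = sum(1 for c in SPEC.findall(args[fmt]) if c not in '%n')
        if args[fmt + 1 + needed:]:
            findings.append((lineno, args[fmt + 1 + needed:]))
    return findings

# Constructed sample: lines 1-2 are the calls quoted in the report, line 3 is made up.
SAMPLE = '''\
log.debugf("Credential direct evidence verification failed. DN: [%s]", distinguishedName,e);
log.debugf(e, "Credential direct evidence verification failed. DN: [%s]", distinguishedName);
log.tracef("Bound %d%% of entries in [%s]", count, baseDn);
'''

if __name__ == "__main__":
    for lineno, dropped in find_dropped_args(SAMPLE):
        print(f"line {lineno}: arguments never formatted or logged: {dropped}")
```

Only the first sample line is flagged: the Throwable-first form and the `%%` line supply exactly as many trailing arguments as the format consumes.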

