Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.ER2
Affects Version/s: 7.1.0.DR18
Component/s: Security
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA

SFDC Cases Counter:
SFDC Cases Links:

When Elytron client configuration file includes sasl-mechanism-selector with string which contains more mechanisms then only the last mentioned mechanism is used. In correct behavior it should use all given mechanisms in given order, see [1].

In case when the last given mechanism is supported by server then it tries to authenticate, otherwise no mechanism is used to attempt to authenticate.

For example, following element for selector can be used in Elytron client configuration file:

<sasl-mechanism-selector selector="PLAIN DIGEST-MD5 ANONYMOUS JBOSS-LOCAL-USER"/>

When only DIGEST-MD5 is supported by server then it works only if DIGEST-MD5 is the last mechanism in selector string.

[1] https://issues.jboss.org/browse/EAP7-567?focusedCommentId=13408238&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13408238

is cloned by

ELY-1185 Only the last mechanism selector is used in Elytron client configuration

Resolved

is related to

JBEAP-11067 FAMILY and HASH selectors in Elytron client are parsed incorrectly

Verified

JBEAP-11077 Mechanism names in 'or, 'and', 'eq' or 'if' predicates are not parsed correctly in mechanism selector in Elytron client

Verified

Assignee:: Jan Kalina (Inactive)

Reporter:: Ondrej Lukas (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/05/22 12:27 PM

Updated:: 2021/10/24 6:11 AM

Resolved:: 2017/06/12 10:51 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates