Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.CR1
Affects Version/s: 7.1.0.DR19
Component/s: Security
Labels:
None

Affects Testing:

Regression
Target Release:

7.1.0.GA
Steps to Reproduce:
Hide

Configure EAP

<security-realm name="TestKerberosRealm"> <server-identities> <kerberos> <keytab principal="remote/localhost.localdomain@JBOSS.ORG" path="/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.3883043102971544889.keytab" debug="true"/> </kerberos> </server-identities> <authentication> <kerberos/> <jaas name="JBossTestDomain"/> </authentication> </security-realm> <subsystem xmlns="urn:jboss:domain:remoting:4.0"> <endpoint/> <http-connector name="http-remoting-connector" connector-ref="default" security-realm="TestKerberosRealm"/> </subsystem> <security-domain name="JBossTestDomain"> <authentication> <login-module code="UsersRoles" flag="required"> <module-option name="rolesProperties" value="/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/roles.properties"/> <module-option name="usersProperties" value="/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/users.properties"/> </login-module> </authentication> </security-domain>
Show
Configure EAP <security-realm name= "TestKerberosRealm" > <server-identities> <kerberos> <keytab principal= "remote/localhost.localdomain@JBOSS.ORG" path= "/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/krb/krb.3883043102971544889.keytab" debug= "true" /> </kerberos> </server-identities> <authentication> <kerberos/> <jaas name= "JBossTestDomain" /> </authentication> </security-realm> <subsystem xmlns= "urn:jboss:domain:remoting:4.0" > <endpoint/> <http-connector name= "http-remoting-connector" connector-ref= "default" security-realm= "TestKerberosRealm" /> </subsystem> <security-domain name= "JBossTestDomain" > <authentication> <login-module code= "UsersRoles" flag= "required" > <module-option name= "rolesProperties" value= "/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/roles.properties" /> <module-option name= "usersProperties" value= "/home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap7/target/users.properties" /> </login-module> </authentication> </security-domain>

SFDC Cases Counter:
SFDC Cases Links:

Description

Given EJB secured with kerberos + fallback, using legacy security solution [1]
When I try to authenticate using correct Kerberos ticket and wrong username/password.
Then PLAIN SASL mechanism fails and GSSAPI is not performed.

Same scenario works correctly in

7.0
7.1 Elytron way

I have attached server.log for:

no username password provided
wrong username password provided

[1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/how_to_set_up_sso_with_kerberos/#configure-krb-remoting

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

no_username_password.log
15 kB
2017/06/01 8:55 AM
standalone.xml
33 kB
2017/06/01 9:12 AM
wrong_username_password.log
44 kB
2017/06/01 8:55 AM

Issue Links

is cloned by

WFLY-8872 Regression, kerberos + fallback ejb legacy security solution GSSAPI SASL mechanism not called

Closed

is related to

JBEAP-11293 Tests influencing issue. EJB client prefers last sucessful mechanism.

Verified

Activity

People

Assignee:: Darran Lofthouse

Reporter:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017/06/01 8:54 AM

Updated:: 2021/10/24 6:41 AM

Resolved:: 2017/08/22 5:44 AM