Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11445

SPNEGOLoginModuleTestCase#testIdentityPropagation fails with IBM on some machines

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • 7.1.0.ER2
    • 7.1.0.DR19
    • Test Suite
    • None
    • Hide

      1. find name of your interface 

      ip -4 addr

      2. retgister 2 virtual IP addresses

      sudo ifconfig enp0s25:0 192.168.1.16    
sudo ifconfig enp0s25:1 192.168.1.17

      3. Configure IBM java on path
      4. Run testsuite with second virtual address

      ./integration-tests.sh -Dmaven.test.failure.ignore=true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile=false -Dnode0=192.168.1.17
      Show
      1. find name of your interface ip -4 addr 2. retgister 2 virtual IP addresses sudo ifconfig enp0s25:0 192.168.1.16 sudo ifconfig enp0s25:1 192.168.1.17 3. Configure IBM java on path 4. Run testsuite with second virtual address ./integration-tests.sh -Dmaven.test.failure.ignore= true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile= false -Dnode0=192.168.1.17

      IBM java sends address in delegated kerberos ticket. ApacheDS includes this address into ticket and check that address with address of client (taken from connection). On some machines, these addresses doesn't match.

      Those are machines when there are several virtual IPs and if node0 is set to non-first IP address, ApacheDS address check fails.

      See details in https://issues.apache.org/jira/browse/DIRSERVER-2156

      �[31m15:14:11,302 ERROR [io.undertow.request] (default task-32) UT005023: Exception handling request to /f1eb2aa6-5139-4bce-bad8-ad9a49d3912f/protected/PropagateIdentityServlet: javax.servlet.ServletException: Propagation failed.
	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:87)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:792)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.lang.Thread.run(Thread.java:785)
Caused by: org.ietf.jgss.GSSException, major code: 11, minor code: 0
	major string: General failure, unspecified at GSSAPI level
	minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.KrbException, status code: 38
	message: Incorrect net address
	at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:33)
	at com.ibm.security.jgss.mech.krb5.g.a(g.java:23)
	at com.ibm.security.jgss.mech.krb5.g.initSecContext(g.java:814)
	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:337)
	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:437)
	at org.jboss.eapqe.krbldap.utils.krb.GSSTestClient.getName(GSSTestClient.java:100)
	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:85)
	... 32 more

            mchoma@redhat.com Martin Choma
            mchoma@redhat.com Martin Choma
            Marek Kopecky Marek Kopecky
            Marek Kopecky Marek Kopecky
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: