Details

    • Type: Bug
    • Status: Verified
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 7.1.0.ER1
    • Fix Version/s: 7.1.0.ER2
    • Component/s: Security
    • Labels:
      None
    • Target Release:
    • Affects Testing:
      Regression

      Description

      Having a PicketLink STS application and an application with an EJB secured by SAML2STSLoginModule, when an EJB client requests the EJB using a SAML token (from the STS) as credentials, the request fails with:

      DEBUG [org.jboss.security] (default task-7) PBOX00206: Login failure: javax.security.auth.login.LoginException: Error handling callback.
      	at org.picketlink.common.DefaultPicketLinkLogger.authErrorHandlingCallback(DefaultPicketLinkLogger.java:1729)
      	at org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule.login(SAML2STSCommonLoginModule.java:329)
      ...
      Caused by: javax.security.auth.login.LoginException: PL00095: Wrong type:SAML2STSLoginModule: Shared credential is not a SAML credential. Got org.jboss.as.security.remoting.RemotingConnectionCredential
      	at org.picketlink.common.DefaultPicketLinkLogger.authSharedCredentialIsNotSAMLCredential(DefaultPicketLinkLogger.java:1708)
      	at org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSCommonLoginModule.login(SAML2STSCommonLoginModule.java:324)
      	... 48 more
      
      ERROR [org.jboss.as.ejb3.invocation] (default task-7) WFLYEJB0034: EJB Invocation failed on component SecuredEjbBean for method public abstract java.lang.String org.picketlink.test.eap.deployment.sts.client.ejb.SecuredEjb.echoRoleFromStsNeeded(java.lang.String): javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
      	at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69)
      ...
      

      Regression against EAP 7.0. Setting priority to Blocker.

          Attachments

          1. configuration.zip
            13 kB
          2. ejb-test.jar
            3 kB
          3. new-client-properties-server.log
            122 kB
          4. old-client-properties-server.log
            112 kB
          5. picketlink-sts.war
            9 kB

              People

              • Assignee:
                pcraveiro Pedro Igor Silva
                Reporter:
                okotek Ondrej Kotek
                Tester:
                Ondrej Kotek
              • Votes:
                0
                Watchers:
                4