Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-12432

IllegalStateException: ELY01003: No authentication is in progress

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.CR1
    • 7.1.0.ER3
    • Security
    • None

    Description

      Trying to test similar scenario as in JBEAP-11680 also in Elytron way.

      It means same http client for 2 requests on one application. In first request negotiation is performed as expected. Second initial request ends immediately with 500 (no 401).

      Attaching wireshark log. Strange is after first request no http session is established for some reason.

      Delegated credential is available the use of the cached GSSContext should trigger that error as the callback is duplicated after authentication has completed.

      Darran can reproduce this even in Firefox 54.0. I can't.

      10:22:10,810 INFO  [org.jboss.eapqe.krbldap.eap71.tests.krb.http.SPNEGOTestCase] (main) Testing testKDCNotAccessedOnEachRequest
Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
		[Krb5LoginModule] user entered username: jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a

principal is jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG
Commit Succeeded 

		[Krb5LoginModule]: Entering logout
		[Krb5LoginModule]: logged out Subject
10:22:11,055 TRACE [org.wildfly.security] (default task-1) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@292d4c26] for mechanism [SPNEGO]
10:22:11,056 TRACE [org.wildfly.security] (default task-1) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
10:22:11,057 TRACE [org.wildfly.security] (default task-1) Evaluating SPNEGO request: cached GSSContext = null
10:22:11,057 TRACE [org.wildfly.security] (default task-1) Obtaining GSSCredential for the service from callback handler...
10:22:11,058 TRACE [org.wildfly.security] (default task-1) No valid cached credential, obtaining new one...
10:22:11,059 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
]
10:22:11,064 INFO  [stdout] (default task-1) Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.1966978985552063316.keytab refreshKrb5Config is false principal is HTTP/localhost.localdomain@JBOSS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
10:22:11,065 INFO  [stdout] (default task-1) principal is HTTP/localhost.localdomain@JBOSS.ORG
10:22:11,065 INFO  [stdout] (default task-1) Will use keytab
10:22:11,065 INFO  [stdout] (default task-1) Commit Succeeded 
10:22:11,066 INFO  [stdout] (default task-1) 
10:22:11,066 TRACE [org.wildfly.security] (default task-1) Logging in using LoginContext and subject [Subject:
	Principal: HTTP/localhost.localdomain@JBOSS.ORG
	Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.1966978985552063316.keytab for HTTP/localhost.localdomain@JBOSS.ORG
] succeed
10:22:11,068 TRACE [org.wildfly.security] (default task-1) Creating GSSName for Principal 'HTTP/localhost.localdomain@JBOSS.ORG'
10:22:11,071 INFO  [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.1966978985552063316.keytab for HTTP/localhost.localdomain@JBOSS.ORG
10:22:11,072 INFO  [stdout] (default task-1) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.1966978985552063316.keytab for HTTP/localhost.localdomain@JBOSS.ORG
10:22:11,072 TRACE [org.wildfly.security] (default task-1) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
10:22:11,072 TRACE [org.wildfly.security] (default task-1) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
10:22:11,073 TRACE [org.wildfly.security] (default task-1) Using SpnegoAuthenticationMechanism to authenticate HTTP/localhost.localdomain@JBOSS.ORG using the following mechanisms: [[1.2.840.113554.1.2.2, 1.3.6.1.5.5.2]]
10:22:11,073 TRACE [org.wildfly.security] (default task-1) Caching GSSContext sun.security.jgss.GSSContextImpl@6f6a1bf7
10:22:11,073 TRACE [org.wildfly.security] (default task-1) Caching KerberosTicket null
10:22:11,073 TRACE [org.wildfly.security] (default task-1) Sent HTTP authorizations: [null]
10:22:11,073 TRACE [org.wildfly.security] (default task-1) Request lacks valid authentication credentials
10:22:11,102 TRACE [org.wildfly.security] (default task-2) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@43774e98] for mechanism [SPNEGO]
10:22:11,102 TRACE [org.wildfly.security] (default task-2) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
10:22:11,102 TRACE [org.wildfly.security] (default task-2) Evaluating SPNEGO request: cached GSSContext = null
10:22:11,102 TRACE [org.wildfly.security] (default task-2) Obtaining GSSCredential for the service from callback handler...
10:22:11,103 TRACE [org.wildfly.security] (default task-2) Used cached GSSCredential [[GSSCredential: 
HTTP/localhost.localdomain@JBOSS.ORG 1.2.840.113554.1.2.2 Accept [class sun.security.jgss.krb5.Krb5AcceptCredential]
HTTP/localhost.localdomain@JBOSS.ORG 1.3.6.1.5.5.2 Accept [class sun.security.jgss.spnego.SpNegoCredElement]]]
10:22:11,103 TRACE [org.wildfly.security] (default task-2) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
10:22:11,103 TRACE [org.wildfly.security] (default task-2) Using SpnegoAuthenticationMechanism to authenticate HTTP/localhost.localdomain@JBOSS.ORG using the following mechanisms: [[1.2.840.113554.1.2.2, 1.3.6.1.5.5.2]]
10:22:11,103 TRACE [org.wildfly.security] (default task-2) Caching GSSContext sun.security.jgss.GSSContextImpl@498f25e8
10:22:11,103 TRACE [org.wildfly.security] (default task-2) Caching KerberosTicket null
10:22:11,105 TRACE [org.wildfly.security] (default task-2) Sent HTTP authorizations: [[Negotiate YD0GBisGAQUFAqAzMDGgHzAdBgUpAgUGBwYJKoZIgvcSAQICBgkqhkiG9xIBAgKiDgQMQWhvaiwgc3ZldGUh]]
10:22:11,105 TRACE [org.wildfly.security] (default task-2) Processing incoming response to a challenge...
10:22:11,110 TRACE [org.wildfly.security] (default task-2) GSSContext establishing - sending negotiation token to the peer
10:22:11,110 TRACE [org.wildfly.security] (default task-2) Sending intermediate challenge: [-95, 20, 48, 18, -96, 3, 10, 1, 1, -95, 11, 6, 9, 42, -122, 72, -122, -9, 18, 1, 2, 2]
10:22:11,117 INFO  [org.jboss.eapqe.krbldap.eap71.tests.krb.http.SPNEGOTestCase] (main) Negotiate response in HTTP header:
Tagged [1]
    DER Sequence
        Tagged [0]
            DER Enumerated(1)
        Tagged [1]
            ObjectIdentifier(1.2.840.113554.1.2.2)

10:22:11,121 TRACE [org.wildfly.security] (default task-3) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@49a938c1] for mechanism [SPNEGO]
10:22:11,122 TRACE [org.wildfly.security] (default task-3) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
10:22:11,123 TRACE [org.wildfly.security] (default task-3) Evaluating SPNEGO request: cached GSSContext = sun.security.jgss.GSSContextImpl@498f25e8
10:22:11,123 TRACE [org.wildfly.security] (default task-3) Sent HTTP authorizations: [[Negotiate oYIEujCCBLagAwoBAaKCBK0EggSpYIIEpQYJKoZIhvcSAQICAQBuggSUMIIEkKADAgEFoQMCAQ6iBwMFACAAAACjggEoYYIBJDCCASCgAwIBBaELGwlKQk9TUy5PUkeiKDAmoAMCAQChHzAdGwRIVFRQGxVsb2NhbGhvc3QubG9jYWxkb21haW6jgeEwgd6gAwIBEaKB1gSB002F+u9iDn/62iCswPmRWtqh1+V6AuNnJXnDF3NgRaakyGQsZavJU3nUuX/liJ49D0+hYF9Wq4w4qb6sE040vODkue6gzxofKPT0ICFWABfR2C89wjbX30hc17xfEKQvKg6phiaWFRg2BT+m8XTgfDsCg0x+R2/PlrKc0vCuf4CLQaNsyWvmdYvQwUhV328Aidb/A9DHUkUPcCCPs6RCWBdHEvW/yFFnlWSYhkSsNShR+X4P4XUlUzgy2xyaA3bgZY6texAo3nqXQsQrfAu5hLO3PeWkggNNMIIDSaADAgERooIDQASCAzyCo2+I4jVyx3QT/KxAHAEHsnYMtZV/fVL4pwYwiXJKG5hmEev3yLjzhM+gkul0HQ5IRgnCChYkKt2VlxcAeZD2iSXu4xaRwz2FUOG92Kxxmc6CM6Z36FIcEGL2Yth/sr8O6uLzIVVqT+4tgsAkBBRNeS7qenDNnndo8UVln3XTEpi5QK419M5/UTx4yIeFnahErPYBH6Hyk+FDnzdOKYLO5hpUIseyoQ3NZM9JO/HdmhMxGwfhPYs9tP0dBNNfZuDKS0TrB0nT3L1ehcKx/cHbFEQGvGCC1w/Kg8kF6fxVN32X1UB7gtkcDgDQnY0ADt99kcdZEGCp4vVz5hw9OK6FdWQP9T1OY3tcfgE64dQR5n/2A5vjvJplcxXb+HQB35XciKXKyVNK890+dHFV/kryE+RUT6tHT4Ml+u3LjUKHtuO971dw/mk/wfpQI13QgqGO0VeRVu0XjHxKLNVBGggQ5W4oh0l7m/MxwlWbWquETr5ynxf9DDal67La3Ii+bniP+mWlVjUSm9yzqV/LN5gONxZ8SaNhl2R5YMhf62VGOskPjFzNBo13aCOVQwS1iWKSYZs+hvIT1YIndddA+I3zY3MZ9FEC04OJimPVFF556ilCUuJIjLKJrUYrwMy8Ni0KuxpL+mLv6sFZ3G4rIMsTlxcMRAK85M/wEDUb4lLRfqcJ5Yf68hAV4yLRi1+23Z+XYyEDUREn+aa8j86D6ajGZN1/xqxAguxt1k1Si94Hx8usQZyMs/deZfjnQCm76w1a8lTVW1qvThMoJRBvQtEsKA1YzKbSVDUSzqUoGrRAHPwl5hf4gMP3wWLzn2eZPfAIABP7lw3T+nJq+NDNU9Gp55t7WQAV3TlB+hmLSUkhuthLMiMy8cyNBEgwHkye5XA+P0zgKq0clS3GvO0mx5uP/qpBR8s8NwP24Rm1457NcfY2BwtEXrp2kCcig/otvRoZX2PYS3iZMjmpG72qBZ3Afi9krGNygIVPGh559rSkUOl/oKTS70SIz4MSxvOF7OZPPSTSY7Cb+OtmPXpk2cTUiPkFEuhCQkb52qmlZBKdn4i1LQ4evpi98LBePyuv88APPYAvd7r/xnY+jTw=]]
10:22:11,123 TRACE [org.wildfly.security] (default task-3) Processing incoming response to a challenge...
10:22:11,126 INFO  [stdout] (default task-3) Entered Krb5Context.acceptSecContext with state=STATE_NEW
10:22:11,128 INFO  [stdout] (default task-3) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb5-1923405105930794191.conf
10:22:11,129 INFO  [stdout] (default task-3) Loaded from Java config
10:22:11,131 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): JBOSS.ORG
10:22:11,131 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): HTTP
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): localhost.localdomain
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTab: load() entry length: 79; type: 16
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): JBOSS.ORG
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): HTTP
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): localhost.localdomain
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTab: load() entry length: 71; type: 17
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): JBOSS.ORG
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): HTTP
10:22:11,132 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): localhost.localdomain
10:22:11,133 INFO  [stdout] (default task-3) >>> KeyTab: load() entry length: 71; type: 23
10:22:11,133 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): JBOSS.ORG
10:22:11,133 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): HTTP
10:22:11,133 INFO  [stdout] (default task-3) >>> KeyTabInputStream, readName(): localhost.localdomain
10:22:11,133 INFO  [stdout] (default task-3) >>> KeyTab: load() entry length: 63; type: 3
10:22:11,133 INFO  [stdout] (default task-3) Looking for keys for: HTTP/localhost.localdomain@JBOSS.ORG
10:22:11,134 INFO  [stdout] (default task-3) Found unsupported keytype (3) for HTTP/localhost.localdomain@JBOSS.ORG
10:22:11,134 INFO  [stdout] (default task-3) Added key: 23version: 0
10:22:11,134 INFO  [stdout] (default task-3) Added key: 17version: 0
10:22:11,134 INFO  [stdout] (default task-3) Added key: 16version: 0
10:22:11,135 INFO  [stdout] (default task-3) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
10:22:11,189 INFO  [stdout] (default task-3) default etypes for permitted_enctypes: 17.
10:22:11,189 INFO  [stdout] (default task-3) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
10:22:11,191 INFO  [stdout] (default task-3) MemoryCache: add 1501489330/981432/7C56F7C372595A70AB5D9BF04283CDC4/jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG to jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG|HTTP/localhost.localdomain@JBOSS.ORG
10:22:11,192 INFO  [stdout] (default task-3) >>> KrbApReq: authenticate succeed.
10:22:11,193 INFO  [stdout] (default task-3) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
10:22:11,194 INFO  [stdout] (default task-3) >>>Delegated Creds have pname=jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG sname=krbtgt/JBOSS.ORG@JBOSS.ORG authtime=20170731082210Z starttime=20170731082210Z endtime=20170801082210ZrenewTill=null
10:22:11,195 INFO  [stdout] (default task-3) Krb5Context setting peerSeqNumber to: 1033682564
10:22:11,196 INFO  [stdout] (default task-3) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
10:22:11,197 INFO  [stdout] (default task-3) Krb5Context setting mySeqNumber to: 897522610
10:22:11,197 TRACE [org.wildfly.security] (default task-3) Associating delegated GSSCredential with identity.
10:22:11,200 TRACE [org.wildfly.security] (default task-3) GSSContext established, authorizing...
10:22:11,200 TRACE [org.wildfly.security] (default task-3) Principal assigning: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG], pre-realm rewritten: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a], realm name: [fileSystemRealm], post-realm rewritten: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a], realm rewritten: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a]
10:22:11,201 TRACE [org.wildfly.security] (default task-3) Role mapping: principal [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a] -> decoded roles [JBossAdmin] -> realm mapped roles [JBossAdmin] -> domain mapped roles [JBossAdmin]
10:22:11,201 TRACE [org.wildfly.security] (default task-3) Authorizing principal jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a.
10:22:11,201 TRACE [org.wildfly.security] (default task-3) Authorizing against the following attributes: [Roles] => [JBossAdmin]
10:22:11,202 TRACE [org.wildfly.security] (default task-3) Permission mapping: identity [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a] with roles [JBossAdmin] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
10:22:11,202 TRACE [org.wildfly.security] (default task-3) Authorization succeed
10:22:11,202 TRACE [org.wildfly.security] (default task-3) RunAs authorization succeed - the same identity
10:22:11,202 TRACE [org.wildfly.security] (default task-3) Handling AuthorizeCallback: authenticationID = jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG  authorizationID = jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG  authorized = true
10:22:11,202 TRACE [org.wildfly.security] (default task-3) Authorized by callback handler = true  clientName = [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG]
10:22:11,202 TRACE [org.wildfly.security] (default task-3) Credential delegation enabled, delegated credential = [GSSCredential: 
jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG 1.2.840.113554.1.2.2 Initiate [class sun.security.jgss.krb5.Krb5InitCredential]
jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG 1.3.6.1.5.5.2 Initiate [class sun.security.jgss.spnego.SpNegoCredElement]]
10:22:11,202 TRACE [org.wildfly.security] (default task-3) Handling AuthenticationCompleteCallback: succeed
10:22:11,202 TRACE [org.wildfly.security] (default task-3) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a, securityDomain=org.wildfly.security.auth.server.SecurityDomain@7953885e, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='fileSystemRealm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@4947e6be}, creationTime=2017-07-31T08:22:11.201Z}
10:22:11,203 TRACE [org.wildfly.security] (default task-3) GSSContext established and authorized - authentication complete
10:22:11,203 TRACE [org.wildfly.security] (default task-3) Role mapping: principal [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a] -> decoded roles [JBossAdmin] -> realm mapped roles [JBossAdmin] -> domain mapped roles [JBossAdmin]
10:22:11,208 TRACE [org.wildfly.security] (default task-3) Sending intermediate challenge: [-95, -127, -24, 48, -127, -27, -96, 3, 10, 1, 0, -94, 110, 4, 108, 96, 106, 6, 9, 42, -122, 72, -122, -9, 18, 1, 2, 2, 2, 0, 111, 91, 48, 89, -96, 3, 2, 1, 5, -95, 3, 2, 1, 15, -94, 77, 48, 75, -96, 3, 2, 1, 17, -94, 68, 4, 66, -4, -55, 43, 123, -100, 0, 116, 108, 115, -21, 121, 36, 28, -124, -104, 13, -80, 40, 31, 71, 61, 40, 14, -92, 13, 55, -115, -14, 49, -60, 46, -63, -78, 104, -111, 125, 102, 85, -54, -118, 32, -85, 35, -15, -66, 109, 65, 19, -95, 25, -63, 64, 124, 51, 35, 24, 83, 82, -88, 31, 28, -116, 9, 107, 47, -116, -93, 110, 4, 108, 96, 106, 6, 9, 42, -122, 72, -122, -9, 18, 1, 2, 2, 2, 0, 111, 91, 48, 89, -96, 3, 2, 1, 5, -95, 3, 2, 1, 15, -94, 77, 48, 75, -96, 3, 2, 1, 17, -94, 68, 4, 66, -4, -55, 43, 123, -100, 0, 116, 108, 115, -21, 121, 36, 28, -124, -104, 13, -80, 40, 31, 71, 61, 40, 14, -92, 13, 55, -115, -14, 49, -60, 46, -63, -78, 104, -111, 125, 102, 85, -54, -118, 32, -85, 35, -15, -66, 109, 65, 19, -95, 25, -63, 64, 124, 51, 35, 24, 83, 82, -88, 31, 28, -116, 9, 107, 47, -116]
10:22:11,218 INFO  [org.jboss.eapqe.krbldap.eap71.tests.krb.http.SPNEGOTestCase] (main) Negotiate response in HTTP header:
Tagged [1]
    DER Sequence
        Tagged [0]
            DER Enumerated(0)
        Tagged [2]
            DER Octet String[108] 
                606a06092a864886f71201020202006f5b3059a003020105a10302010fa24d30    `j*Ho[0YM0
                4ba003020111a2440442fcc92b7b9c00746c73eb79241c84980db0281f473d28    KDB+{tlsy$(G=(
                0ea40d378df231c42ec1b268917d6655ca8a20ab23f1be6d4113a119c1407c33    71.h}fU #mA@|3
                23185352a81f1c8c096b2f8c                                            #SRk/
        Tagged [3]
            DER Octet String[108] 
                606a06092a864886f71201020202006f5b3059a003020105a10302010fa24d30    `j*Ho[0YM0
                4ba003020111a2440442fcc92b7b9c00746c73eb79241c84980db0281f473d28    KDB+{tlsy$(G=(
                0ea40d378df231c42ec1b268917d6655ca8a20ab23f1be6d4113a119c1407c33    71.h}fU #mA@|3
                23185352a81f1c8c096b2f8c                                            #SRk/

Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
		[Krb5LoginModule] user entered username: jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a

principal is jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG
Commit Succeeded 

		[Krb5LoginModule]: Entering logout
		[Krb5LoginModule]: logged out Subject
10:22:11,263 TRACE [org.wildfly.security] (default task-4) Created HttpServerAuthenticationMechanism [org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1@428af179] for mechanism [SPNEGO]
10:22:11,263 TRACE [org.wildfly.security] (default task-4) Handling MechanismInformationCallback type='HTTP' name='SPNEGO' host-name='localhost.localdomain' protocol='http'
10:22:11,263 TRACE [org.wildfly.security] (default task-4) Evaluating SPNEGO request: cached GSSContext = sun.security.jgss.GSSContextImpl@498f25e8
10:22:11,264 TRACE [org.wildfly.security] (default task-4) Principal assigning: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG], pre-realm rewritten: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a], realm name: [fileSystemRealm], post-realm rewritten: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a], realm rewritten: [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a]
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Role mapping: principal [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a] -> decoded roles [JBossAdmin] -> realm mapped roles [JBossAdmin] -> domain mapped roles [JBossAdmin]
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Authorizing principal jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a.
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Authorizing against the following attributes: [Roles] => [JBossAdmin]
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Permission mapping: identity [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a] with roles [JBossAdmin] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Authorization succeed
10:22:11,265 TRACE [org.wildfly.security] (default task-4) RunAs authorization succeed - the same identity
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Handling AuthorizeCallback: authenticationID = jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG  authorizationID = jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG  authorized = true
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Authorized by callback handler = true  clientName = [jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG]
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Credential delegation enabled, delegated credential = [GSSCredential: 
jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG 1.2.840.113554.1.2.2 Initiate [class sun.security.jgss.krb5.Krb5InitCredential]
jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a@JBOSS.ORG 1.3.6.1.5.5.2 Initiate [class sun.security.jgss.spnego.SpNegoCredElement]]
10:22:11,265 TRACE [org.wildfly.security] (default task-4) Handling AuthenticationCompleteCallback: succeed
10:22:11,266 TRACE [org.wildfly.security] (default task-4) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=jdukeae7c3e97-d4bf-4811-a5dd-0b19ccda505a, securityDomain=org.wildfly.security.auth.server.SecurityDomain@7953885e, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='fileSystemRealm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@4947e6be}, creationTime=2017-07-31T08:22:11.265Z}
10:22:11,266 TRACE [org.wildfly.security] (default task-4) Associating delegated GSSCredential with identity.
10:22:11,267 TRACE [org.wildfly.security] (default task-4) SPNEGO: org.wildfly.security.http.HttpAuthenticationException: ELY05053: [SPNEGO] Callback handler failed for unknown reason
	at org.wildfly.security.mechanism.MechanismUtil.handleCallbacks(MechanismUtil.java:156)
	at org.wildfly.security.http.impl.	SpnegoAuthenticationMechanism.handleCallback(SpnegoAuthenticationMechanism.java:324)
	at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.authorizeCachedGSSContext(SpnegoAuthenticationMechanism.java:272)
	at org.wildfly.security.http.impl.SpnegoAuthenticationMechanism.evaluateRequest(SpnegoAuthenticationMechanism.java:102)
	at org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:114)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:77)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:115)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalStateException: ELY01003: No authentication is in progress
	at org.wildfly.security.auth.server.ServerAuthenticationContext$State.addPrivateCredential(ServerAuthenticationContext.java:1270)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.addPrivateCredential(ServerAuthenticationContext.java:780)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1094)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839)
	at org.wildfly.security.http.util.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:113)
	at org.wildfly.security.mechanism.MechanismUtil.handleCallbacks(MechanismUtil.java:152)
	... 40 more

10:22:11,269 TRACE [org.wildfly.security.http] (default task-4) Authentication failed.: org.wildfly.security.http.HttpAuthenticationException: ELY06016: HTTP authentication failed validating request, no mechanisms remain to continue authentication.
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:162)
	at org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$100(HttpAuthenticator.java:94)
	at org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:78)
	at org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:100)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1506)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:748)

      Attachments

        Issue Links

          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-12390 Upgrade WildFly Elytron to 1.1.0.CR5

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          relates to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-12460 Elytron, make scope of SPNEGO authentication mechanism configurable

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: