Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: 7.1.0.CR2
Component/s: EJB, Security
Labels:
None

Affects:

Documentation (Ref Guide, User Guide, etc.)
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA
Workaround:

Workaround Exists
Workaround Description:
Hide

builder methods approach

AuthenticationConfiguration configuration = AuthenticationConfiguration.EMPTY .useProvidersFromClassLoader(AbstractKerberosEjbTestCase.class.getClassLoader()) .useGSSCredential(getGSSCredential(lc.getSubject())); if ((fallbackUser!=null) && (passwordForFallbackUser != null)) { configuration = configuration .usePrincipal(new NamePrincipal(fallbackUser)) .usePassword(passwordForFallbackUser); }

or

CredentialSource approach

SecurityFactory<Credential> gssKerberosSecurityFactory = new SecurityFactory<Credential>() { @Override public GSSKerberosCredential create() throws GeneralSecurityException { return new GSSKerberosCredential(getGSSCredential(lc.getSubject())); } }; SecurityFactory<Credential> passwordSecurityFactory = new SecurityFactory<Credential>() { @Override public PasswordCredential create() throws GeneralSecurityException { return new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, passwordForFallbackUser.toCharArray())); } }; CredentialSource credentials = CredentialSource.fromSecurityFactory(gssKerberosSecurityFactory); AuthenticationConfiguration configuration = AuthenticationConfiguration.EMPTY .useProvidersFromClassLoader(AbstractKerberosEjbTestCase.class.getClassLoader()); if ((fallbackUser!=null) && (passwordForFallbackUser != null)) { credentials = credentials.with(CredentialSource.fromSecurityFactory(passwordSecurityFactory)); configuration = configuration .usePrincipal(new NamePrincipal(fallbackUser)); } configuration = configuration .useCredentials(credentials);
Show
builder methods approach AuthenticationConfiguration configuration = AuthenticationConfiguration.EMPTY .useProvidersFromClassLoader(AbstractKerberosEjbTestCase. class. getClassLoader()) .useGSSCredential(getGSSCredential(lc.getSubject())); if ((fallbackUser!= null ) && (passwordForFallbackUser != null )) { configuration = configuration .usePrincipal( new NamePrincipal(fallbackUser)) .usePassword(passwordForFallbackUser); } or CredentialSource approach SecurityFactory<Credential> gssKerberosSecurityFactory = new SecurityFactory<Credential>() { @Override public GSSKerberosCredential create() throws GeneralSecurityException { return new GSSKerberosCredential(getGSSCredential(lc.getSubject())); } }; SecurityFactory<Credential> passwordSecurityFactory = new SecurityFactory<Credential>() { @Override public PasswordCredential create() throws GeneralSecurityException { return new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, passwordForFallbackUser.toCharArray())); } }; CredentialSource credentials = CredentialSource.fromSecurityFactory(gssKerberosSecurityFactory); AuthenticationConfiguration configuration = AuthenticationConfiguration.EMPTY .useProvidersFromClassLoader(AbstractKerberosEjbTestCase. class. getClassLoader()); if ((fallbackUser!= null ) && (passwordForFallbackUser != null )) { credentials = credentials.with(CredentialSource.fromSecurityFactory(passwordSecurityFactory)); configuration = configuration .usePrincipal( new NamePrincipal(fallbackUser)); } configuration = configuration .useCredentials(credentials);
Steps to Reproduce:
Hide

# Prepare CR2 maven repo wget http://download-ipv4.eng.brq.redhat.com/devel/candidates/JBEAP/JBEAP-7.1.0-CR2/jboss-eap-7.1.0.CR2-maven-repository.zip wget http://download-ipv4.eng.brq.redhat.com/devel/candidates/JBEAP/JBEAP-7.1.0-CR2/jboss-eap-7.1.0.CR2-testsuite-local-repository.zip unzip jboss-eap-7.1.0.CR2-maven-repository.zip unzip jboss-eap-7.1.0.CR2-testsuite-local-repository.zip cp -R -n eap-local-maven-repository/* jboss-eap-7.1.0.GA-maven-repository/maven-repository # Run TS git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git cd tests-ldap-kerberos git checkout 7.x # Elytron case ./build-eap71.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=3.0.3.Final-redhat-1 -Dmaven.repo.local=/path/to/jboss-eap-7.1.0.GA-maven-repository/maven-repository -Djboss.dist.zip=/path/to/jboss-eap-7.1.0.CR2.zip -Dmaven.test.failure.ignore=true -Dignore.known.issues -Dtest=KerberosEjbGs2Krb5TestCase,KerberosEjbGssapiTestCase -DtestLogToFile=false # Legacy case ./build-eap7.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=3.0.3.Final-redhat-1 -Dmaven.repo.local=/path/to/jboss-eap-7.1.0.GA-maven-repository/maven-repository -Djboss.dist.zip=/path/to/jboss-eap-7.1.0.CR2.zip -Dmaven.test.failure.ignore=true -Dignore.known.issues -Dtest=KerberosRemoteEjbManualTest -DtestLogToFile=false
Show
# Prepare CR2 maven repo wget http: //download-ipv4.eng.brq.redhat.com/devel/candidates/JBEAP/JBEAP-7.1.0-CR2/jboss-eap-7.1.0.CR2-maven-repository.zip wget http: //download-ipv4.eng.brq.redhat.com/devel/candidates/JBEAP/JBEAP-7.1.0-CR2/jboss-eap-7.1.0.CR2-testsuite-local-repository.zip unzip jboss-eap-7.1.0.CR2-maven-repository.zip unzip jboss-eap-7.1.0.CR2-testsuite-local-repository.zip cp -R -n eap-local-maven-repository/* jboss-eap-7.1.0.GA-maven-repository/maven-repository # Run TS git clone git@gitlab.mw.lab.eng.bos.redhat.com:mchoma/tests-ldap-kerberos.git cd tests-ldap-kerberos git checkout 7.x # Elytron case ./build-eap71.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=3.0.3.Final-redhat-1 -Dmaven.repo.local=/path/to/jboss-eap-7.1.0.GA-maven-repository/maven-repository -Djboss.dist.zip=/path/to/jboss-eap-7.1.0.CR2.zip -Dmaven.test.failure.ignore= true -Dignore.known.issues -Dtest=KerberosEjbGs2Krb5TestCase,KerberosEjbGssapiTestCase -DtestLogToFile= false # Legacy case ./build-eap7.sh -Dversion.jboss.bom=7.1.0.GA -Dversion.wildfly.core=3.0.3.Final-redhat-1 -Dmaven.repo.local=/path/to/jboss-eap-7.1.0.GA-maven-repository/maven-repository -Djboss.dist.zip=/path/to/jboss-eap-7.1.0.CR2.zip -Dmaven.test.failure.ignore= true -Dignore.known.issues -Dtest=KerberosRemoteEjbManualTest -DtestLogToFile= false

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Given Kerberos authentication and plain authentication as fallback and initial context properties contains wrong username and password for fallback.
When user with valid Kerberos ticket calls secured EJB method
then this method should be successfully invoked

, but ejb is not invoked in CR2, because authentication fails. That worked as expected in CR1.

This impacts elytron and legacy configuration scenarios.
In case of elytron security solution this is regression against CR1.
In case of legacy security solution this is regression against CR1 and 7.0.

In log I see PLAIN mechanism is tried first (not expected) failing (expected), but I don't see GSSAPI mechanism attempt at all.

21:34:20,744 FINE  [org.jboss.arquillian.test.spi.TestEnricher] (main) BeanManager cannot be located in context. Either you are using an archive with no beans.xml or the BeanManager has not been produced.
21:34:20,745 FINE  [org.jboss.arquillian.test.spi.TestEnricher] (main) BeanManager cannot be located in context. Either you are using an archive with no beans.xml or the BeanManager has not been produced.
Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
                [Krb5LoginModule] user entered username: hnelson76a9a327-fcad-4cbd-a309-ec7ddc76deb2@JBOSS.ORG

21:34:20,747 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioDatagramAcceptor-352) Processing a MESSAGE_RECEIVED for session 1968
21:34:20,784 DEBUG [org.jboss.eapqe.krbldap.servers.proxy.UDPProxyThread] (Thread-325) Forwarded Message client ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 60,362 ) -> server ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 6,088 ): 168 bytes
21:34:20,784 DEBUG [org.jboss.eapqe.krbldap.servers.proxy.UDPProxyThread] (Thread-325) Forwarded Message server ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 6,088 ) -> client ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 60,362 ): 610 bytes
principal is hnelson76a9a327-fcad-4cbd-a309-ec7ddc76deb2@JBOSS.ORG
Commit Succeeded 

21:34:20,799 DEBUG [org.jboss.ejb.client.invocation] (main) Calling invoke(module = /ejb-deployment/SimpleBean, strong affinity = None, weak affinity = None): 
21:34:20,803 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) No buffers in queue for message header
&amp#27;[0m21:34:20,803 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Allocated fresh buffers
&amp#27;[0m21:34:20,803 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Received 27 bytes
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Received message java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192]
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote] (default I/O-7) Received authentication request, id ec495383, mech PLAIN
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote] (default I/O-7) Received authentication request for ID ec495383, mech PLAIN
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.endpoint] (default I/O-7) Allocated tick to 9 of endpoint "eap-perf-hpux-04" <168db8f> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@3c8049)
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) No buffers in queue for message header
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Allocated fresh buffers
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) No read bytes available
&amp#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote] (default I/O-7) No message ready; returning
&amp#27;[0m21:34:20,804 TRACE [org.wildfly.security] (default task-20) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='eap-perf-hpux-04.mw.lab.eng.bos.redhat.com' protocol='remote'
&amp#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='eap-perf-hpux-04.mw.lab.eng.bos.redhat.com' protocol='remote'
&amp#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Creating SaslServer [org.wildfly.security.sasl.plain.PlainSaslServer@f61b13] for mechanism [PLAIN] and protocol [remote]
&amp#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@31f6fd->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@e7063->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@10cfcc6->org.wildfly.security.sasl.plain.PlainSaslServer@f61b13] for mechanism [PLAIN]
&amp#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Handling NameCallback: authenticationName = wrong
&amp#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Principal assigning: [wrong], pre-realm rewritten: [wrong], realm name: [fileSystemRealm], post-realm rewritten: [wrong], realm rewritten: [wrong]
&amp#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) Trying to authenticate identity null using FileSystemSecurityRealm
&amp#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) FileSystemSecurityRealm - verification evidence [org.wildfly.security.evidence.PasswordGuessEvidence@10e5b37] against [0] credentials...
&amp#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) FileSystemSecurityRealm - no credential able to verify evidence [org.wildfly.security.evidence.PasswordGuessEvidence@10e5b37]
&amp#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) Handling AuthenticationCompleteCallback: fail
&amp#27;[0m21:34:20,806 TRACE [org.jboss.remoting.remote] (default task-20) Authentication failed at response evaluation: javax.security.sasl.SaslException: ELY05013: [PLAIN] Authentication mechanism password not verified
        at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:127)
        at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
        at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
        at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57)
        at org.jboss.remoting3.ConnectionImpl.lambda$receiveAuthRequest$2(ConnectionImpl.java:216)
        at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:748)

&amp#27;[0m21:34:20,807 TRACE [org.jboss.remoting.remote] (default task-20) Sending authentication reject for ID ec495383
&amp#27;[0m21:34:20,807 TRACE [org.jboss.remoting.endpoint] (default task-20) Resource closed count 00000008 of endpoint "eap-perf-hpux-04" <168db8f> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@3c8049)
&amp#27;[0m21:34:20,807 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Sent 9 bytes
&amp#27;[0m21:34:20,807 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Flushed channel
&amp#27;[0m21:34:20,817 ERROR [KerberosEjbGssapiTestCase] (main) Access to EJB method was denied for invocation with Kerberos user.: java.security.PrivilegedActionException: org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available
        at org.wildfly.common.context.Contextual.runExceptionAction(Contextual.java:110)
        at org.wildfly.security.auth.client.AuthenticationContext.run(AuthenticationContext.java:268)
        at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:714)
        at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:666)
        at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testKerberosRealmWithFallbackWithWrongCredentialWithKerberos(AbstractKerberosEjbTestCase.java:427)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
        at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
        at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:379)
        at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
        at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
        at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
        at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
        at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
        at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53)
        at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
        at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
        at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129)
        at sun.reflect.GeneratedMethodAccessor16.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
        at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
        at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
        at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136)
        at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:372)
        at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:246)
        at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
        at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
        at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:260)
        at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:324)
        at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:99)
        at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:72)
        at sun.reflect.GeneratedMethodAccessor8.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
        at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
        at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:124)
        at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
        at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
        at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
        at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
        at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
        at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
        at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159)
        at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:317)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
        at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
        at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:205)
        at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
        at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
        at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:219)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
        at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:167)
        at org.jboss.eapqe.krbldap.arquillian.runner.LdapKrbRunner.run(LdapKrbRunner.java:50)
        at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)
        at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
        at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)
        at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)
        at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)
        at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
Caused by: org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:568)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
        at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
        at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:115)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
        at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:76)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
        at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570)
        at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504)
        at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:916)
        at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:165)
        at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
        at com.sun.proxy.$Proxy40.hello(Unknown Source)
        at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:718)
        at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:714)
        at org.wildfly.common.context.Contextual.runExceptionAction(Contextual.java:108)
        ... 120 more
        Suppressed: org.jboss.ejb.client.RequestSendFailedException: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left), tried: 
   GSSAPI: org.wildfly.security.auth.AuthenticationException: JBREM000300: Authentication failed due to I/O error
   PLAIN: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication
                at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:98)
                at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:71)
                at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215)
                at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)
                at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
                at java.lang.Thread.run(Thread.java:748)
        Caused by: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left), tried: 
   GSSAPI: org.wildfly.security.auth.AuthenticationException: JBREM000300: Authentication failed due to I/O error
   PLAIN: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication
                at org.jboss.remoting3.ConnectionPeerIdentityContext.doAuthenticate(ConnectionPeerIdentityContext.java:369)
                at org.jboss.remoting3.ConnectionPeerIdentityContext.authenticate(ConnectionPeerIdentityContext.java:174)
                at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:505)
                at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:494)
                at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:208)
                at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720)
                at org.xnio.IoUtils$2.execute(IoUtils.java:71)
                at org.xnio.AbstractIoFuture.runNotifier(AbstractIoFuture.java:693)
                at org.xnio.AbstractIoFuture$CompleteState.withNotifier(AbstractIoFuture.java:132)
                at org.xnio.AbstractIoFuture.addNotifier(AbstractIoFuture.java:570)
                at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:494)
                at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433)
                at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51)
                at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122)
                at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.lambda$getConnection$1(RemoteEJBReceiver.java:174)
                at java.security.AccessController.doPrivileged(Native Method)
                at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.getConnection(RemoteEJBReceiver.java:174)
                at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.processInvocation(RemoteEJBReceiver.java:125)
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:455)
                at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocation(RemotingEJBClientInterceptor.java:51)
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
                at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:87)
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
                at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64)
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
                at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81)
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467)
                at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203)
                at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:303)
                at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:161)
                at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100)
                at com.sun.proxy.$Proxy40.hello(Unknown Source)
                at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:718)
                at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:714)
                at org.wildfly.common.context.Contextual.runExceptionAction(Contextual.java:108)
                at org.wildfly.security.auth.client.AuthenticationContext.run(AuthenticationContext.java:268)
                at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:714)
                at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:666)
                at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testKerberosRealmWithFallbackWithWrongCredentialWithKerberos(AbstractKerberosEjbTestCase.java:427)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
                at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
                at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
                at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:379)
                at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
                at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
                at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
                at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53)
                at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
                at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
                at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129)
                at sun.reflect.GeneratedMethodAccessor16.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
                at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
                at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
                at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
                at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136)
                at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:372)
                at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:246)
                at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
                at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
                at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:260)
                at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:324)
                at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:99)
                at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:72)
                at sun.reflect.GeneratedMethodAccessor8.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85)
                at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142)
                at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:124)
                at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130)
                at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92)
                at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73)
                at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96)
                at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92)
                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143)
                at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114)
                at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159)
                at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:317)
                at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
                at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
                at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
                at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
                at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
                at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
                at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
                at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
                at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:205)
                at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431)
                at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55)
                at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:219)
                at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
                at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:167)
                at org.jboss.eapqe.krbldap.arquillian.runner.LdapKrbRunner.run(LdapKrbRunner.java:50)
                at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264)
                at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153)
                at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124)
                at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)
                at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)
                at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)

                [Krb5LoginModule]: Entering logout
                [Krb5LoginModule]: logged out Subject

Note, similar scenario with none fallback username/password works well.
Also note, when correct fallback username / password PLAIN is used instead of GSSAPI.

In CR1 there was GSSAPI tried as first mechanism:

11:36:12,924 TRACE [org.jboss.remoting.remote] (management I/O-2) No message ready; returning
Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
        [Krb5LoginModule] user entered username: hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG

principal is hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG
Commit Succeeded 

11:36:12,993 INFO  [org.jboss.ejb.client] (main) EJBCLIENT000064: org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
11:36:13,005 INFO  [org.wildfly.naming] (main) WildFly Naming version 1.0.1.Final-redhat-1
11:36:13,020 INFO  [org.wildfly.naming] (main) WFNAM00049: Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead
11:36:13,056 INFO  [org.jboss.ejb.client] (main) JBoss EJB Client version 4.0.0.Final-redhat-1
11:36:13,137 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Initialized connection from /127.0.0.1:54821 to /127.0.0.1:8080 with options {org.jboss.remoting3.RemotingOptions.SASL_PROTOCOL=>remote,org.xnio.Options.TCP_NODELAY=>true,org.xnio.Options.REUSE_ADDRESSES=>true}
11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Accepted connection from /127.0.0.1:54821 to localhost.localdomain/127.0.0.1:8080
11:36:13,138 TRACE [org.jboss.remoting.remote] (default I/O-6) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@39c04ab3
11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Sent 28 bytes
11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Flushed channel
11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) No buffers in queue for message header
11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Allocated fresh buffers
11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received 46 bytes
11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received message java.nio.HeapByteBuffer[pos=0 lim=42 cap=8192]
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Received java.nio.HeapByteBuffer[pos=0 lim=42 cap=8192]
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capabilities request
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: version 1
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: message close protocol supported
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: remote version is "5.0.0.Final-redhat-1"
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: remote channels in is "40"
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: remote channels out is "40"
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: authentication service
11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) No EXTERNAL mechanism due to lack of SSL
11:36:13,141 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Added mechanism GSSAPI
11:36:13,141 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Added mechanism PLAIN
11:36:13,141 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Sent 72 bytes
11:36:13,141 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Flushed channel
11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) No buffers in queue for message header
11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Allocated fresh buffers
11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received 589 bytes
11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received message java.nio.HeapByteBuffer[pos=0 lim=585 cap=8192]
11:36:13,191 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Received java.nio.HeapByteBuffer[pos=0 lim=585 cap=8192]
11:36:13,191 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received authentication request
11:36:13,191 TRACE [org.wildfly.security] (default I/O-6) Handling MechanismInformationCallback type='SASL' name='GSSAPI' host-name='localhost.localdomain' protocol='remote'
11:36:13,191 TRACE [org.wildfly.security] (default I/O-6) Handling MechanismInformationCallback type='SASL' name='GSSAPI' host-name='localhost.localdomain' protocol='remote'
11:36:13,193 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) configuredMaxReceiveBuffer=16777215
11:36:13,193 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) relaxComplianceChecks=false
11:36:13,193 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) QOP={AUTH}
11:36:13,194 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) Obtaining GSSCredential for the service from callback handler...
11:36:13,194 TRACE [org.wildfly.security] (default I/O-6) No valid cached credential, obtaining new one...
11:36:13,195 TRACE [org.wildfly.security] (default I/O-6) Logging in using LoginContext and subject [Subject:
]
11:36:13,198 INFO  [stdout] (default I/O-6) Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab refreshKrb5Config is false principal is remote/localhost.localdomain@JBOSS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
11:36:13,200 INFO  [stdout] (default I/O-6) principal is remote/localhost.localdomain@JBOSS.ORG
11:36:13,200 INFO  [stdout] (default I/O-6) Will use keytab
11:36:13,200 INFO  [stdout] (default I/O-6) Commit Succeeded 
11:36:13,200 INFO  [stdout] (default I/O-6) 
11:36:13,200 TRACE [org.wildfly.security] (default I/O-6) Logging in using LoginContext and subject [Subject:
    Principal: remote/localhost.localdomain@JBOSS.ORG
    Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab for remote/localhost.localdomain@JBOSS.ORG
] succeed
11:36:13,202 TRACE [org.wildfly.security] (default I/O-6) Creating GSSName for Principal 'remote/localhost.localdomain@JBOSS.ORG'
11:36:13,205 INFO  [stdout] (default I/O-6) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab for remote/localhost.localdomain@JBOSS.ORG
11:36:13,205 INFO  [stdout] (default I/O-6) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab for remote/localhost.localdomain@JBOSS.ORG
11:36:13,205 TRACE [org.wildfly.security] (default I/O-6) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f]
11:36:13,205 TRACE [org.wildfly.security] (default I/O-6) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null
11:36:13,206 TRACE [org.wildfly.security] (default I/O-6) Creating SaslServer [org.wildfly.security.sasl.gssapi.GssapiServer@3bf8706d] for mechanism [GSSAPI] and protocol [remote]
11:36:13,206 TRACE [org.wildfly.security] (default I/O-6) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@15819e1->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@698724e1->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@11ef363a->org.wildfly.security.sasl.gssapi.GssapiServer@3bf8706d] for mechanism [GSSAPI]
11:36:13,206 TRACE [org.jboss.remoting.endpoint] (default I/O-6) Allocated tick to 8 of endpoint "localhost" <5efbe9d8> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@696c5772)
11:36:13,208 INFO  [stdout] (default task-1) Entered Krb5Context.acceptSecContext with state=STATE_NEW
11:36:13,210 INFO  [stdout] (default task-1) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb5-5406040978843173228.conf
11:36:13,210 INFO  [stdout] (default task-1) Loaded from Java config
11:36:13,212 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG
11:36:13,212 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote
11:36:13,212 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain
11:36:13,212 INFO  [stdout] (default task-1) >>> KeyTab: load() entry length: 65; type: 3
11:36:13,212 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG
11:36:13,212 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote
11:36:13,212 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTab: load() entry length: 73; type: 23
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTab: load() entry length: 81; type: 16
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain
11:36:13,213 INFO  [stdout] (default task-1) >>> KeyTab: load() entry length: 73; type: 17
11:36:13,213 INFO  [stdout] (default task-1) Looking for keys for: remote/localhost.localdomain@JBOSS.ORG
11:36:13,214 INFO  [stdout] (default task-1) Added key: 17version: 0
11:36:13,214 INFO  [stdout] (default task-1) Added key: 16version: 0
11:36:13,214 INFO  [stdout] (default task-1) Added key: 23version: 0
11:36:13,214 INFO  [stdout] (default task-1) Found unsupported keytype (3) for remote/localhost.localdomain@JBOSS.ORG
11:36:13,214 INFO  [stdout] (default task-1) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
11:36:13,249 INFO  [stdout] (default task-1) default etypes for permitted_enctypes: 17.
11:36:13,249 INFO  [stdout] (default task-1) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType
11:36:13,251 INFO  [stdout] (default task-1) MemoryCache: add 1506936973/189591/A02CDB16BED2CE9407A517E7FA6BB8BB/hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG to hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG|remote/localhost.localdomain@JBOSS.ORG
11:36:13,251 INFO  [stdout] (default task-1) >>> KrbApReq: authenticate succeed.
11:36:13,252 INFO  [stdout] (default task-1) Krb5Context setting peerSeqNumber to: 617563930
11:36:13,252 INFO  [stdout] (default task-1) Krb5Context setting mySeqNumber to: 617563930
11:36:13,252 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) Negotiated mechanism 1.2.840.113554.1.2.2
11:36:13,253 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) No response so triggering next state immediately.
11:36:13,253 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) Not offering a security layer so zero length.
11:36:13,253 INFO  [stdout] (default task-1) Krb5Context.wrap: data=[01 00 00 00 ]
11:36:13,254 INFO  [stdout] (default task-1) Krb5Context.wrap: token=[05 04 01 ff 00 0c 00 00 00 00 00 00 24 cf 47 1a 01 00 00 00 c4 7d 34 ca 96 80 af c8 08 6c 08 42 ]
11:36:13,254 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) Transitioning to receive chosen security layer from client
11:36:13,254 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication challenge
11:36:13,254 TRACE [org.jboss.remoting.remote] (default task-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Authentication@44988b18
11:36:13,254 TRACE [org.jboss.remoting.endpoint] (default task-1) Resource closed count 00000007 of endpoint "localhost" <5efbe9d8> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@696c5772)
11:36:13,254 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Sent 37 bytes
11:36:13,254 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Flushed channel
11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) No buffers in queue for message header
11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Allocated fresh buffers
11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received 37 bytes
11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received message java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
11:36:13,256 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Received java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192]
11:36:13,256 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received authentication response
11:36:13,256 TRACE [org.jboss.remoting.endpoint] (default I/O-6) Allocated tick to 8 of endpoint "localhost" <5efbe9d8> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@696c5772)
11:36:13,257 INFO  [stdout] (default task-2) Krb5Context.unwrap: token=[05 04 00 ff 00 0c 00 00 00 00 00 00 24 cf 47 1a 01 00 00 00 46 60 2b ed aa a6 9d 48 1b 4b a2 6f ]
11:36:13,257 INFO  [stdout] (default task-2) Krb5Context.unwrap: data=[01 00 00 00 ]
11:36:13,257 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-2) Client selected security layer AUTH, with maxBuffer of 0
11:36:13,258 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-2) Authentication ID=hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG,  Authorization ID=hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG
11:36:13,258 TRACE [org.wildfly.security] (default task-2) Principal assigning: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG], pre-realm rewritten: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b], realm name: [fileSystemRealm], post-realm rewritten: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b], realm rewritten: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b]
11:36:13,259 TRACE [org.wildfly.security] (default task-2) Role mapping: principal [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b] -> decoded roles [Users] -> realm mapped roles [Users] -> domain mapped roles [Users]
11:36:13,259 TRACE [org.wildfly.security] (default task-2) Authorizing principal hnelsona409841a-435c-45cc-9660-ae8e20d9db1b.
11:36:13,259 TRACE [org.wildfly.security] (default task-2) Authorizing against the following attributes: [Roles] => [Users]
11:36:13,260 TRACE [org.wildfly.security] (default task-2) Permission mapping: identity [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b] with roles [Users] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true
11:36:13,260 TRACE [org.wildfly.security] (default task-2) Authorization succeed
11:36:13,260 TRACE [org.wildfly.security] (default task-2) RunAs authorization succeed - the same identity
11:36:13,260 TRACE [org.wildfly.security] (default task-2) Handling AuthorizeCallback: authenticationID = hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG  authorizationID = hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG  authorized = true
11:36:13,260 INFO  [stdout] (default task-2) >>> Constrained deleg from GSSCaller{UNKNOWN}
11:36:13,261 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-2) Negotiation complete.
11:36:13,261 TRACE [org.wildfly.security] (default task-2) Handling AuthenticationCompleteCallback: succeed
11:36:13,261 TRACE [org.wildfly.security] (default task-2) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=hnelsona409841a-435c-45cc-9660-ae8e20d9db1b, securityDomain=org.wildfly.security.auth.server.SecurityDomain@763c7c99, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='fileSystemRealm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@333efc3a}, creationTime=2017-10-02T09:36:13.259Z}
11:36:13,261 TRACE [org.jboss.remoting.remote.server] (default task-2) Server sending authentication complete

Seems problem will be with ejb-client, as scenario works against CR2 with

legacy ejb client
CR1 ejb-client 4.0.0.Final-redhat-1

is cloned by

EJBCLIENT-278 Kerberos authentication does not have priority over PLAIN

Resolved

Assignee:: Christian Huffman

Reporter:: Martin Choma

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2017/10/03 3:30 AM

Updated:: 2017/10/27 9:22 AM

Resolved:: 2017/10/27 9:22 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide