Given Kerberos authentication and plain authentication as fallback and initial context properties contains wrong username and password for fallback.
When user with valid Kerberos ticket calls secured EJB method
then this method should be successfully invoked
, but ejb is not invoked in CR2, because authentication fails. That worked as expected in CR1.
This impacts elytron and legacy configuration scenarios.
In case of elytron security solution this is regression against CR1.
In case of legacy security solution this is regression against CR1 and 7.0.
In log I see PLAIN mechanism is tried first (not expected) failing (expected), but I don't see GSSAPI mechanism attempt at all.
21:34:20,744 FINE [org.jboss.arquillian.test.spi.TestEnricher] (main) BeanManager cannot be located in context. Either you are using an archive with no beans.xml or the BeanManager has not been produced. 21:34:20,745 FINE [org.jboss.arquillian.test.spi.TestEnricher] (main) BeanManager cannot be located in context. Either you are using an archive with no beans.xml or the BeanManager has not been produced. Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration [Krb5LoginModule] user entered username: hnelson76a9a327-fcad-4cbd-a309-ec7ddc76deb2@JBOSS.ORG 21:34:20,747 DEBUG [org.apache.mina.filter.codec.ProtocolCodecFilter] (NioDatagramAcceptor-352) Processing a MESSAGE_RECEIVED for session 1968 21:34:20,784 DEBUG [org.jboss.eapqe.krbldap.servers.proxy.UDPProxyThread] (Thread-325) Forwarded Message client ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 60,362 ) -> server ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 6,088 ): 168 bytes 21:34:20,784 DEBUG [org.jboss.eapqe.krbldap.servers.proxy.UDPProxyThread] (Thread-325) Forwarded Message server ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 6,088 ) -> client ( eap-perf-hpux-04.mw.lab.eng.bos.redhat.com 60,362 ): 610 bytes principal is hnelson76a9a327-fcad-4cbd-a309-ec7ddc76deb2@JBOSS.ORG Commit Succeeded 21:34:20,799 DEBUG [org.jboss.ejb.client.invocation] (main) Calling invoke(module = /ejb-deployment/SimpleBean, strong affinity = None, weak affinity = None): 21:34:20,803 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) No buffers in queue for message header &#27;[0m21:34:20,803 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Allocated fresh buffers &#27;[0m21:34:20,803 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Received 27 bytes &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Received message java.nio.HeapByteBuffer[pos=0 lim=23 cap=8192] &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote] (default I/O-7) Received authentication request, id ec495383, mech PLAIN &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote] (default I/O-7) Received authentication request for ID ec495383, mech PLAIN &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.endpoint] (default I/O-7) Allocated tick to 9 of endpoint "eap-perf-hpux-04" <168db8f> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@3c8049) &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) No buffers in queue for message header &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Allocated fresh buffers &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) No read bytes available &#27;[0m21:34:20,804 TRACE [org.jboss.remoting.remote] (default I/O-7) No message ready; returning &#27;[0m21:34:20,804 TRACE [org.wildfly.security] (default task-20) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='eap-perf-hpux-04.mw.lab.eng.bos.redhat.com' protocol='remote' &#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Handling MechanismInformationCallback type='SASL' name='PLAIN' host-name='eap-perf-hpux-04.mw.lab.eng.bos.redhat.com' protocol='remote' &#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Creating SaslServer [org.wildfly.security.sasl.plain.PlainSaslServer@f61b13] for mechanism [PLAIN] and protocol [remote] &#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@31f6fd->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@e7063->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@10cfcc6->org.wildfly.security.sasl.plain.PlainSaslServer@f61b13] for mechanism [PLAIN] &#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Handling NameCallback: authenticationName = wrong &#27;[0m21:34:20,805 TRACE [org.wildfly.security] (default task-20) Principal assigning: [wrong], pre-realm rewritten: [wrong], realm name: [fileSystemRealm], post-realm rewritten: [wrong], realm rewritten: [wrong] &#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) Trying to authenticate identity null using FileSystemSecurityRealm &#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) FileSystemSecurityRealm - verification evidence [org.wildfly.security.evidence.PasswordGuessEvidence@10e5b37] against [0] credentials... &#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) FileSystemSecurityRealm - no credential able to verify evidence [org.wildfly.security.evidence.PasswordGuessEvidence@10e5b37] &#27;[0m21:34:20,806 TRACE [org.wildfly.security] (default task-20) Handling AuthenticationCompleteCallback: fail &#27;[0m21:34:20,806 TRACE [org.jboss.remoting.remote] (default task-20) Authentication failed at response evaluation: javax.security.sasl.SaslException: ELY05013: [PLAIN] Authentication mechanism password not verified at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:127) at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58) at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106) at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:57) at org.jboss.remoting3.ConnectionImpl.lambda$receiveAuthRequest$2(ConnectionImpl.java:216) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) &#27;[0m21:34:20,807 TRACE [org.jboss.remoting.remote] (default task-20) Sending authentication reject for ID ec495383 &#27;[0m21:34:20,807 TRACE [org.jboss.remoting.endpoint] (default task-20) Resource closed count 00000008 of endpoint "eap-perf-hpux-04" <168db8f> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@3c8049) &#27;[0m21:34:20,807 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Sent 9 bytes &#27;[0m21:34:20,807 TRACE [org.jboss.remoting.remote.connection] (default I/O-7) Flushed channel &#27;[0m21:34:20,817 ERROR [KerberosEjbGssapiTestCase] (main) Access to EJB method was denied for invocation with Kerberos user.: java.security.PrivilegedActionException: org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available at org.wildfly.common.context.Contextual.runExceptionAction(Contextual.java:110) at org.wildfly.security.auth.client.AuthenticationContext.run(AuthenticationContext.java:268) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:714) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:666) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testKerberosRealmWithFallbackWithWrongCredentialWithKerberos(AbstractKerberosEjbTestCase.java:427) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:379) at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60) at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114) at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67) at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53) at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129) at sun.reflect.GeneratedMethodAccessor16.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143) at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136) at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:372) at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:246) at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431) at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55) at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:260) at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:324) at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:99) at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:72) at sun.reflect.GeneratedMethodAccessor8.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:124) at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114) at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159) at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:317) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:205) at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431) at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55) at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:219) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:167) at org.jboss.eapqe.krbldap.arquillian.runner.LdapKrbRunner.run(LdapKrbRunner.java:50) at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264) at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153) at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124) at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200) at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103) Caused by: org.jboss.ejb.client.RequestSendFailedException: EJBCLIENT000409: No more destinations are available at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:568) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocationResult(RemotingEJBClientInterceptor.java:56) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocationResult(DiscoveryEJBClientInterceptor.java:115) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocationResult(NamingEJBClientInterceptor.java:76) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:86) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:570) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:504) at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:916) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:165) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) at com.sun.proxy.$Proxy40.hello(Unknown Source) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:718) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:714) at org.wildfly.common.context.Contextual.runExceptionAction(Contextual.java:108) ... 120 more Suppressed: org.jboss.ejb.client.RequestSendFailedException: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left), tried: GSSAPI: org.wildfly.security.auth.AuthenticationException: JBREM000300: Authentication failed due to I/O error PLAIN: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:98) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:71) at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:215) at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720) at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748) Caused by: org.wildfly.security.auth.AuthenticationException: JBREM000308: Authentication failed (no mechanisms left), tried: GSSAPI: org.wildfly.security.auth.AuthenticationException: JBREM000300: Authentication failed due to I/O error PLAIN: org.wildfly.security.auth.AuthenticationException: JBREM000304: Server rejected authentication at org.jboss.remoting3.ConnectionPeerIdentityContext.doAuthenticate(ConnectionPeerIdentityContext.java:369) at org.jboss.remoting3.ConnectionPeerIdentityContext.authenticate(ConnectionPeerIdentityContext.java:174) at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:505) at org.jboss.remoting3.EndpointImpl$3.handleDone(EndpointImpl.java:494) at org.xnio.IoFuture$HandlingNotifier.notify(IoFuture.java:208) at org.xnio.AbstractIoFuture$NotifierRunnable.run(AbstractIoFuture.java:720) at org.xnio.IoUtils$2.execute(IoUtils.java:71) at org.xnio.AbstractIoFuture.runNotifier(AbstractIoFuture.java:693) at org.xnio.AbstractIoFuture$CompleteState.withNotifier(AbstractIoFuture.java:132) at org.xnio.AbstractIoFuture.addNotifier(AbstractIoFuture.java:570) at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:494) at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:433) at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:51) at org.jboss.remoting3.Endpoint.getConnectedIdentity(Endpoint.java:122) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.lambda$getConnection$1(RemoteEJBReceiver.java:174) at java.security.AccessController.doPrivileged(Native Method) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.getConnection(RemoteEJBReceiver.java:174) at org.jboss.ejb.protocol.remote.RemoteEJBReceiver.processInvocation(RemoteEJBReceiver.java:125) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:455) at org.jboss.ejb.protocol.remote.RemotingEJBClientInterceptor.handleInvocation(RemotingEJBClientInterceptor.java:51) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:87) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:81) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:467) at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203) at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:303) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:161) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:100) at com.sun.proxy.$Proxy40.hello(Unknown Source) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:718) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase$1.run(AbstractKerberosEjbTestCase.java:714) at org.wildfly.common.context.Contextual.runExceptionAction(Contextual.java:108) at org.wildfly.security.auth.client.AuthenticationContext.run(AuthenticationContext.java:268) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:714) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testAuthenticationWithKerberos(AbstractKerberosEjbTestCase.java:666) at org.jboss.eapqe.krbldap.eap71.tests.krb.ejb.AbstractKerberosEjbTestCase.testKerberosRealmWithFallbackWithWrongCredentialWithKerberos(AbstractKerberosEjbTestCase.java:427) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.jboss.arquillian.junit.Arquillian$8$1.invoke(Arquillian.java:379) at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60) at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114) at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67) at org.jboss.arquillian.container.test.impl.execution.ClientTestExecuter.execute(ClientTestExecuter.java:53) at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createTestContext(ContainerEventController.java:129) at sun.reflect.GeneratedMethodAccessor16.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143) at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:136) at org.jboss.arquillian.junit.Arquillian$8.evaluate(Arquillian.java:372) at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:246) at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431) at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55) at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:260) at org.jboss.arquillian.junit.Arquillian$7$1.invoke(Arquillian.java:324) at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.execute(ClientBeforeAfterLifecycleEventExecuter.java:99) at org.jboss.arquillian.container.test.impl.execution.ClientBeforeAfterLifecycleEventExecuter.on(ClientBeforeAfterLifecycleEventExecuter.java:72) at sun.reflect.GeneratedMethodAccessor8.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:103) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:85) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createContext(ContainerEventController.java:142) at org.jboss.arquillian.container.test.impl.client.ContainerEventController.createBeforeContext(ContainerEventController.java:124) at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:130) at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:92) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:73) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:96) at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:92) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:143) at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:114) at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.fireCustomLifecycle(EventTestRunnerAdaptor.java:159) at org.jboss.arquillian.junit.Arquillian$7.evaluate(Arquillian.java:317) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:205) at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:431) at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:55) at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:219) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:167) at org.jboss.eapqe.krbldap.arquillian.runner.LdapKrbRunner.run(LdapKrbRunner.java:50) at org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:264) at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:153) at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:124) at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200) at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153) at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103) [Krb5LoginModule]: Entering logout [Krb5LoginModule]: logged out Subject
Note, similar scenario with none fallback username/password works well.
Also note, when correct fallback username / password PLAIN is used instead of GSSAPI.
In CR1 there was GSSAPI tried as first mechanism:
11:36:12,924 TRACE [org.jboss.remoting.remote] (management I/O-2) No message ready; returning Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false Refreshing Kerberos configuration [Krb5LoginModule] user entered username: hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG principal is hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG Commit Succeeded 11:36:12,993 INFO [org.jboss.ejb.client] (main) EJBCLIENT000064: org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead 11:36:13,005 INFO [org.wildfly.naming] (main) WildFly Naming version 1.0.1.Final-redhat-1 11:36:13,020 INFO [org.wildfly.naming] (main) WFNAM00049: Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead 11:36:13,056 INFO [org.jboss.ejb.client] (main) JBoss EJB Client version 4.0.0.Final-redhat-1 11:36:13,137 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Initialized connection from /127.0.0.1:54821 to /127.0.0.1:8080 with options {org.jboss.remoting3.RemotingOptions.SASL_PROTOCOL=>remote,org.xnio.Options.TCP_NODELAY=>true,org.xnio.Options.REUSE_ADDRESSES=>true} 11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Accepted connection from /127.0.0.1:54821 to localhost.localdomain/127.0.0.1:8080 11:36:13,138 TRACE [org.jboss.remoting.remote] (default I/O-6) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@39c04ab3 11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Sent 28 bytes 11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Flushed channel 11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) No buffers in queue for message header 11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Allocated fresh buffers 11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received 46 bytes 11:36:13,138 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received message java.nio.HeapByteBuffer[pos=0 lim=42 cap=8192] 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Received java.nio.HeapByteBuffer[pos=0 lim=42 cap=8192] 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capabilities request 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: version 1 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: message close protocol supported 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: remote version is "5.0.0.Final-redhat-1" 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: remote channels in is "40" 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: remote channels out is "40" 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received capability: authentication service 11:36:13,138 TRACE [org.jboss.remoting.remote.server] (default I/O-6) No EXTERNAL mechanism due to lack of SSL 11:36:13,141 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Added mechanism GSSAPI 11:36:13,141 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Added mechanism PLAIN 11:36:13,141 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Sent 72 bytes 11:36:13,141 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Flushed channel 11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) No buffers in queue for message header 11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Allocated fresh buffers 11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received 589 bytes 11:36:13,191 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received message java.nio.HeapByteBuffer[pos=0 lim=585 cap=8192] 11:36:13,191 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Received java.nio.HeapByteBuffer[pos=0 lim=585 cap=8192] 11:36:13,191 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received authentication request 11:36:13,191 TRACE [org.wildfly.security] (default I/O-6) Handling MechanismInformationCallback type='SASL' name='GSSAPI' host-name='localhost.localdomain' protocol='remote' 11:36:13,191 TRACE [org.wildfly.security] (default I/O-6) Handling MechanismInformationCallback type='SASL' name='GSSAPI' host-name='localhost.localdomain' protocol='remote' 11:36:13,193 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) configuredMaxReceiveBuffer=16777215 11:36:13,193 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) relaxComplianceChecks=false 11:36:13,193 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) QOP={AUTH} 11:36:13,194 TRACE [org.wildfly.security.sasl.gssapi.server] (default I/O-6) Obtaining GSSCredential for the service from callback handler... 11:36:13,194 TRACE [org.wildfly.security] (default I/O-6) No valid cached credential, obtaining new one... 11:36:13,195 TRACE [org.wildfly.security] (default I/O-6) Logging in using LoginContext and subject [Subject: ] 11:36:13,198 INFO [stdout] (default I/O-6) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator false KeyTab is /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab refreshKrb5Config is false principal is remote/localhost.localdomain@JBOSS.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false 11:36:13,200 INFO [stdout] (default I/O-6) principal is remote/localhost.localdomain@JBOSS.ORG 11:36:13,200 INFO [stdout] (default I/O-6) Will use keytab 11:36:13,200 INFO [stdout] (default I/O-6) Commit Succeeded 11:36:13,200 INFO [stdout] (default I/O-6) 11:36:13,200 TRACE [org.wildfly.security] (default I/O-6) Logging in using LoginContext and subject [Subject: Principal: remote/localhost.localdomain@JBOSS.ORG Private Credential: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab for remote/localhost.localdomain@JBOSS.ORG ] succeed 11:36:13,202 TRACE [org.wildfly.security] (default I/O-6) Creating GSSName for Principal 'remote/localhost.localdomain@JBOSS.ORG' 11:36:13,205 INFO [stdout] (default I/O-6) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab for remote/localhost.localdomain@JBOSS.ORG 11:36:13,205 INFO [stdout] (default I/O-6) Found KeyTab /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb.8330133496801252397.keytab for remote/localhost.localdomain@JBOSS.ORG 11:36:13,205 TRACE [org.wildfly.security] (default I/O-6) Obtained GSSCredentialCredential [org.wildfly.security.credential.GSSKerberosCredential@1f] 11:36:13,205 TRACE [org.wildfly.security] (default I/O-6) Handling ServerCredentialCallback: successfully obtained credential type type=class org.wildfly.security.credential.GSSKerberosCredential, algorithm=null, params=null 11:36:13,206 TRACE [org.wildfly.security] (default I/O-6) Creating SaslServer [org.wildfly.security.sasl.gssapi.GssapiServer@3bf8706d] for mechanism [GSSAPI] and protocol [remote] 11:36:13,206 TRACE [org.wildfly.security] (default I/O-6) Created SaslServer [org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1@15819e1->org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer@698724e1->org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1@11ef363a->org.wildfly.security.sasl.gssapi.GssapiServer@3bf8706d] for mechanism [GSSAPI] 11:36:13,206 TRACE [org.jboss.remoting.endpoint] (default I/O-6) Allocated tick to 8 of endpoint "localhost" <5efbe9d8> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@696c5772) 11:36:13,208 INFO [stdout] (default task-1) Entered Krb5Context.acceptSecContext with state=STATE_NEW 11:36:13,210 INFO [stdout] (default task-1) Java config name: /home/mchoma/workspace/git-repositories/tests-ldap-kerberos-eap7/eap71/target/krb/krb5-5406040978843173228.conf 11:36:13,210 INFO [stdout] (default task-1) Loaded from Java config 11:36:13,212 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG 11:36:13,212 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote 11:36:13,212 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain 11:36:13,212 INFO [stdout] (default task-1) >>> KeyTab: load() entry length: 65; type: 3 11:36:13,212 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG 11:36:13,212 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote 11:36:13,212 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTab: load() entry length: 73; type: 23 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTab: load() entry length: 81; type: 16 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): JBOSS.ORG 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): remote 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTabInputStream, readName(): localhost.localdomain 11:36:13,213 INFO [stdout] (default task-1) >>> KeyTab: load() entry length: 73; type: 17 11:36:13,213 INFO [stdout] (default task-1) Looking for keys for: remote/localhost.localdomain@JBOSS.ORG 11:36:13,214 INFO [stdout] (default task-1) Added key: 17version: 0 11:36:13,214 INFO [stdout] (default task-1) Added key: 16version: 0 11:36:13,214 INFO [stdout] (default task-1) Added key: 23version: 0 11:36:13,214 INFO [stdout] (default task-1) Found unsupported keytype (3) for remote/localhost.localdomain@JBOSS.ORG 11:36:13,214 INFO [stdout] (default task-1) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType 11:36:13,249 INFO [stdout] (default task-1) default etypes for permitted_enctypes: 17. 11:36:13,249 INFO [stdout] (default task-1) >>> EType: sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType 11:36:13,251 INFO [stdout] (default task-1) MemoryCache: add 1506936973/189591/A02CDB16BED2CE9407A517E7FA6BB8BB/hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG to hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG|remote/localhost.localdomain@JBOSS.ORG 11:36:13,251 INFO [stdout] (default task-1) >>> KrbApReq: authenticate succeed. 11:36:13,252 INFO [stdout] (default task-1) Krb5Context setting peerSeqNumber to: 617563930 11:36:13,252 INFO [stdout] (default task-1) Krb5Context setting mySeqNumber to: 617563930 11:36:13,252 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) Negotiated mechanism 1.2.840.113554.1.2.2 11:36:13,253 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) No response so triggering next state immediately. 11:36:13,253 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) Not offering a security layer so zero length. 11:36:13,253 INFO [stdout] (default task-1) Krb5Context.wrap: data=[01 00 00 00 ] 11:36:13,254 INFO [stdout] (default task-1) Krb5Context.wrap: token=[05 04 01 ff 00 0c 00 00 00 00 00 00 24 cf 47 1a 01 00 00 00 c4 7d 34 ca 96 80 af c8 08 6c 08 42 ] 11:36:13,254 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-1) Transitioning to receive chosen security layer from client 11:36:13,254 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication challenge 11:36:13,254 TRACE [org.jboss.remoting.remote] (default task-1) Setting read listener to org.jboss.remoting3.remote.ServerConnectionOpenListener$Authentication@44988b18 11:36:13,254 TRACE [org.jboss.remoting.endpoint] (default task-1) Resource closed count 00000007 of endpoint "localhost" <5efbe9d8> (closed org.jboss.remoting3.EndpointImpl$TrackingExecutor@696c5772) 11:36:13,254 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Sent 37 bytes 11:36:13,254 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Flushed channel 11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) No buffers in queue for message header 11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Allocated fresh buffers 11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received 37 bytes 11:36:13,256 TRACE [org.jboss.remoting.remote.connection] (default I/O-6) Received message java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192] 11:36:13,256 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Received java.nio.HeapByteBuffer[pos=0 lim=33 cap=8192] 11:36:13,256 TRACE [org.jboss.remoting.remote.server] (default I/O-6) Server received authentication response 11:36:13,256 TRACE [org.jboss.remoting.endpoint] (default I/O-6) Allocated tick to 8 of endpoint "localhost" <5efbe9d8> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor@696c5772) 11:36:13,257 INFO [stdout] (default task-2) Krb5Context.unwrap: token=[05 04 00 ff 00 0c 00 00 00 00 00 00 24 cf 47 1a 01 00 00 00 46 60 2b ed aa a6 9d 48 1b 4b a2 6f ] 11:36:13,257 INFO [stdout] (default task-2) Krb5Context.unwrap: data=[01 00 00 00 ] 11:36:13,257 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-2) Client selected security layer AUTH, with maxBuffer of 0 11:36:13,258 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-2) Authentication ID=hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG, Authorization ID=hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG 11:36:13,258 TRACE [org.wildfly.security] (default task-2) Principal assigning: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG], pre-realm rewritten: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b], realm name: [fileSystemRealm], post-realm rewritten: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b], realm rewritten: [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b] 11:36:13,259 TRACE [org.wildfly.security] (default task-2) Role mapping: principal [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b] -> decoded roles [Users] -> realm mapped roles [Users] -> domain mapped roles [Users] 11:36:13,259 TRACE [org.wildfly.security] (default task-2) Authorizing principal hnelsona409841a-435c-45cc-9660-ae8e20d9db1b. 11:36:13,259 TRACE [org.wildfly.security] (default task-2) Authorizing against the following attributes: [Roles] => [Users] 11:36:13,260 TRACE [org.wildfly.security] (default task-2) Permission mapping: identity [hnelsona409841a-435c-45cc-9660-ae8e20d9db1b] with roles [Users] implies ("org.wildfly.security.auth.permission.LoginPermission" "") = true 11:36:13,260 TRACE [org.wildfly.security] (default task-2) Authorization succeed 11:36:13,260 TRACE [org.wildfly.security] (default task-2) RunAs authorization succeed - the same identity 11:36:13,260 TRACE [org.wildfly.security] (default task-2) Handling AuthorizeCallback: authenticationID = hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG authorizationID = hnelsona409841a-435c-45cc-9660-ae8e20d9db1b@JBOSS.ORG authorized = true 11:36:13,260 INFO [stdout] (default task-2) >>> Constrained deleg from GSSCaller{UNKNOWN} 11:36:13,261 TRACE [org.wildfly.security.sasl.gssapi.server] (default task-2) Negotiation complete. 11:36:13,261 TRACE [org.wildfly.security] (default task-2) Handling AuthenticationCompleteCallback: succeed 11:36:13,261 TRACE [org.wildfly.security] (default task-2) Handling SecurityIdentityCallback: identity = SecurityIdentity{principal=hnelsona409841a-435c-45cc-9660-ae8e20d9db1b, securityDomain=org.wildfly.security.auth.server.SecurityDomain@763c7c99, authorizationIdentity=EMPTY, realmInfo=RealmInfo{name='fileSystemRealm', securityRealm=org.wildfly.security.auth.realm.FileSystemSecurityRealm@333efc3a}, creationTime=2017-10-02T09:36:13.259Z} 11:36:13,261 TRACE [org.jboss.remoting.remote.server] (default task-2) Server sending authentication complete
Seems problem will be with ejb-client, as scenario works against CR2 with
- legacy ejb client
- CR1 ejb-client 4.0.0.Final-redhat-1
- is cloned by
-
EJBCLIENT-278 Kerberos authentication does not have priority over PLAIN
- Resolved