Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-15126

[GSS](7.1.z) org.wildfly.security.sasl.gssapi.GssapiClientFactory on the classpath of jboss-client.jar

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • None
    • 7.1.3.GA
    • Security
    • None
    • ?
    • Hide

      Set wildfly.sasl.relax-compliance = true

      <?xml version="1.0" encoding="UTF-8"?>
<configuration>
        <authentication-client xmlns="urn:elytron:1.0">
                <authentication-rules>
                        <rule use-configuration="test"/>
                </authentication-rules>
        <authentication-configurations>
                <configuration name="test">
                        <set-mechanism-properties>
                                <property key="wildfly.sasl.relax-compliance" value="true"/>
                        </set-mechanism-properties>
                </configuration>
        </authentication-configurations>
        </authentication-client>
</configuration>

       

      Show
      Set wildfly.sasl.relax-compliance = true <?xml version="1.0" encoding="UTF-8"?> <configuration> <authentication-client xmlns="urn:elytron:1.0"> <authentication-rules> <rule use-configuration="test"/> </authentication-rules> <authentication-configurations> <configuration name="test"> <set-mechanism-properties> <property key="wildfly.sasl.relax-compliance" value="true"/> </set-mechanism-properties> </configuration> </authentication-configurations> </authentication-client> </configuration>  

      ELY-271 mentions this error was happening because the org.wildfly.security.sasl.gssapi.GssapiClientFactory service was on the classpath, there was JBEAP-715 and JBEAP-5922 which got closed because of some packaging updates which removed the issue by removing it from the classpath or such.

      The jboss-client.jar has:

      • the class org.wildfly.security.sasl.gssapi.GssapiClientFactory
      • the META-INF/services/javax.security.sasl.SaslClientFactory:org.wildfly.security.sasl.gssapi.GssapiClientFactory

      So it looks like perhaps the services file should not list it? Should the class be included in the jboss-client.jar ? 

        Suppressed: javax.security.sasl.SaslException: ELY05108: [GSSAPI] Unable to create response token [Caused by javax.security.sasl.SaslException: ELY05127: [GSSAPI] No security layer supported by server but maximum message size received: "65536"]
    at org.wildfly.security.sasl.gssapi.GssapiClient.evaluateMessage(GssapiClient.java:307)
    at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
    at org.wildfly.security.sasl.gssapi.GssapiClient.evaluateChallenge(GssapiClient.java:212)
    at org.wildfly.security.sasl.util.AbstractDelegatingSaslClient.evaluateChallenge(AbstractDelegatingSaslClient.java:54)
    at org.wildfly.security.sasl.util.PrivilegedSaslClient.lambda$evaluateChallenge$0(PrivilegedSaslClient.java:55)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.wildfly.security.sasl.util.PrivilegedSaslClient.evaluateChallenge(PrivilegedSaslClient.java:55)
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.lambda$handleEvent$0(ClientConnectionOpenListener.java:650)
    at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:949)
    ... 3 more
  Caused by: javax.security.sasl.SaslException: ELY05127: [GSSAPI] No security layer supported by server but maximum message size received: "65536"
    at org.wildfly.security.sasl.gssapi.GssapiClient.evaluateMessage(GssapiClient.java:275)
    ... 11 more
  Suppressed: javax.security.sasl.SaslException: PLAIN: Server rejected authentication
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:736)
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:578)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

        1. reproducer.tar.gz
          6 kB
        2. server.jar
          3 kB

            spyrkob Bartosz Spyrko-Smietanko
            rhn-support-bmaxwell Brad Maxwell
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: