Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8112

Unable to authenticate with kerberos ticket to http management interface secured by legacy solution

    XMLWordPrintable

Details

    Description

      When http management interface is secured with kerberos in legacy security solution.

      • By accessing management interface with browser (e.g. http://localhost.localdomain:9990/management?operation=attribute&name=server-state ) http status code 403 is returned instead of 401. That mean also there is no http header "WWW-Authenticate: Negotiate". So authentication with kerberos ticket is not even tried.
      • By accessing http management intarface with jboss-cli output is 
        1: Failed to connect to the controller: Unable to authenticate against controller at localhost.localdomain:9990: Authentication failed: the server presented no authentication mechanisms

      This is regression against EAP 7.0. Customers migrating to EAP 7.1 won't be able to continue using this feature.

      Attachments

        Issue Links

          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-7960 (7.1.0) Upgrade to WildFly Core to 3.0.0.Alpha22

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is related to

          Task - Represents a small unit of work that is not end-user facing. WFCORE-1955 Wrap Kerberos behaviour of legacy realms with Elytron components

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          relates to

          Task - Represents a small unit of work that is not end-user facing. JBEAP-13129 Fix/unignore KerberosServerIdentityTestCase

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Pull Request Sent

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: