Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8872

Regression, kerberos + fallback ejb legacy security solution GSSAPI SASL mechanism not called

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Final
    • None
    • Security
    • None

    Description

      Given EJB secured with kerberos + fallback, using legacy security solution [1]
      When I try to authenticate using correct Kerberos ticket and wrong username/password.
      Then PLAIN SASL mechanism fails and GSSAPI is not performed.

      Same scenario works correctly in

      • 7.0
      • 7.1 Elytron way

      I have attached server.log for:

      • no username password provided
      • wrong username password provided

      [1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/how_to_set_up_sso_with_kerberos/#configure-krb-remoting

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-11276 Regression, kerberos + fallback ejb legacy security solution GSSAPI SASL mechanism not called

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: