| Summary: | Securing management console with LDAP authentication prevents access | | |
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Chris Dolphy <cdolphy> |
| Component: | Web Console | Assignee: | Darran Lofthouse <darran.lofthouse> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jakub Cechacek <jcechace> |
| Severity: | unspecified | Docs Contact: | Russell Dickenson <rdickens> |
| Priority: | unspecified | | |
| Version: | 6.2.0 | CC: | brian.stansberry, darran.lofthouse, jawilson, jcacek, jdoyle, jerome.blion, jkudrnac, myarboro |
| Target Milestone: | CR1 | | |
| Target Release: | EAP 6.2.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-12-15 16:15:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |

Attachments:
Created attachment 818044
standalone.xml to reproduce issue
I will have a look.

A quick test on WildFly and WildFly does not seem affected.

I can reproduce on the latest EAP - there should not actually be anything specific to the console so for that reason I am going to take ownership for now while I investigate further. Due to the different HTTP servers in use between WildFly and EAP I would suspect a mistake in the merge between the two.

I don't actually see a question being asked with the needinfo flag so I am going to clear it as I am now investigating.

Found it - an issue specific to the BasicAuthenticator within EAP, should only be a minor change.

Verified in CR1-preview.
Description of problem:

Receive following error in browser when trying to access /console:

    The management interface could not be loaded. Authentication required.

after enabling LDAP authentication for http-interface and although the user is successfully looked up in LDAP. Same configuration works in EAP 6.1.1.

Version-Release number of selected component (if applicable):
EAP 6.2.0 beta

How reproducible:
reproducible with steps below

Steps to Reproduce:

1. setup LDAP server with appropriate user
2. create outbound-connection. e.g.

   ```xml
   <outbound-connections>
       <ldap name="ldap_connection" url="ldap://localhost:10389"
             search-dn="uid=admin,ou=system" search-credential="secret"/>
   </outbound-connections>
   ```

3. create ldap security realm:

   ```xml
   <security-realm name="ldap_security_realm">
       <authentication>
           <ldap connection="ldap_connection" base-dn="ou=users,ou=system"
                 recursive="true" user-dn="dn">
               <username-filter attribute="uid"/>
           </ldap>
       </authentication>
   </security-realm>
   ```

4. change http-interface to use security-realm: e.g.

   ```xml
   <http-interface security-realm="ldap_security_realm">
   ```

5. login to http://localhost:9990/console

Actual results:

Login is accepted, but browser displays:

    The management interface could not be loaded. Authentication required.

Log file shows:

```
14:32:28,062 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Performing recursive search
14:32:28,062 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Searching for user 'testuser' using filter '(uid={0})'.
14:32:28,064 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) DN 'cn=testuser,ou=users,ou=system' found for user 'testuser'
14:32:28,066 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Password verified for user 'testuser'
```

Expected results:
management console is displayed.

Additional info:
see attachment for standalone.xml
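A log triage sketch, added here and not part of the original report or of JBoss: it parses the TRACE lines quoted in the description and reports the last LDAP realm stage each user reached, which separates a directory lookup failure from a failure after the realm has already accepted the password, as in this report. The function names, the stage labels and the `nouser` log line are constructed for the example.

```python
import re

# The first four lines are the TRACE output quoted in the report; the last line
# is constructed (user 'nouser') and reuses the same message format.
SAMPLE_LOG = """\
14:32:28,062 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Performing recursive search
14:32:28,062 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Searching for user 'testuser' using filter '(uid={0})'.
14:32:28,064 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) DN 'cn=testuser,ou=users,ou=system' found for user 'testuser'
14:32:28,066 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Password verified for user 'testuser'
14:32:29,101 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 2) Searching for user 'nouser' using filter '(uid={0})'.
"""

CATEGORY = "org.jboss.as.domain.management.security"
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2},\d{3}\s+TRACE\s+\[(?P<cat>[^\]]+)\]\s+\((?P<thread>[^)]+)\)\s+(?P<msg>.*)$"
)
# Realm stages in the order the report's log shows them.
STAGES = [
    ("search", re.compile(r"Searching for user '(?P<user>[^']*)' using filter")),
    ("dn_found", re.compile(r"DN '(?P<dn>[^']*)' found for user '(?P<user>[^']*)'")),
    ("password_verified", re.compile(r"Password verified for user '(?P<user>[^']*)'")),
]

def ldap_stages(log_text):
    """Map each user name to the realm stages logged for it and the DN found."""
    users = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["cat"] != CATEGORY:
            continue
        for stage, rx in STAGES:
            hit = rx.match(m["msg"])
            if hit:
                entry = users.setdefault(hit["user"], {"stages": [], "dn": None})
                entry["stages"].append(stage)
                if stage == "dn_found":
                    entry["dn"] = hit["dn"]
    return users

def verdict(entry):
    """'realm-ok' means LDAP accepted the password, so a remaining
    'Authentication required' originates after the realm (HTTP layer)."""
    if "password_verified" in entry["stages"]:
        return "realm-ok"
    last = entry["stages"][-1] if entry["stages"] else "none"
    return "realm-stopped-after:" + last

if __name__ == "__main__":
    for user, entry in ldap_stages(SAMPLE_LOG).items():
        print(user, entry["dn"], verdict(entry))
```

A `realm-ok` verdict alongside the browser error matches the situation in this report, where the fault was found in the BasicAuthenticator rather than in the LDAP configuration.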