Bug 1161123

Summary: (6.3.z) org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappingTestCase.testPassUserPrincipalToAttributeManager fails on OracleJDK 1.8 IPV6 due to 'Illegal config content:[2620:52:0:105f::ffff:22] = JBOSS.ORG'
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Dominik Pospisil <dpospisi>
Component: Security, TestsuiteAssignee: Panagiotis Sotiropoulos <psotirop>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Slavicek <pslavice>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.3.0CC: anmiller, bdawidow, cdewolf, dpal, jawilson, kkhan, pkremens, pskopek
Target Milestone: CR1   
Target Release: EAP 6.3.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1128091 Environment:
Last Closed: 2019-08-19 12:41:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1128091, 1161448    
Bug Blocks: 1151405, 1161071    

Description Dominik Pospisil 2014-11-06 12:51:16 UTC 
+++ This bug was initially created as a clone of Bug #1128091 +++

See: https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-6x-as-testsuite-RHEL-matrix-OracleJDK8-dualstackIPV6/1/jdk=jdk1.8,label_exp=RHEL5%26%26x86%26%26ipv6%26%26!pure-ipv6/testReport/org.jboss.as.test.integration.security.picketlink/SAML2AttributeMappingTestCase/testPassUserPrincipalToAttributeManager/

Stacktrace

javax.security.auth.login.LoginException: Illegal config content:[2620:52:0:105f::ffff:22] = JBOSS.ORG
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:555)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
	at org.jboss.as.test.integration.security.picketlink.PicketLinkTestBase.makeCallWithKerberosAuthn(PicketLinkTestBase.java:279)
	at org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappingTestCase.testPassUserPrincipalToAttributeManager(SAML2AttributeMappingTestCase.java:129)
Caused by: KrbException: Illegal config content:[2620:52:0:105f::ffff:22] = JBOSS.ORG
	at sun.security.krb5.Config.loadConfigFile(Config.java:526)
	at sun.security.krb5.Config.<init>(Config.java:176)
	at sun.security.krb5.Config.refresh(Config.java:116)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:553)

--- Additional comment from Josef Cacek on 2014-09-04 05:17:25 EDT ---

It's a test issue. The URL-formatted IPv6 address (i.e. with square brackets around) was used in the [domain_realm] section of the generated krb5.conf file.

If the line starts with '[' in krb5.conf then the parser takes it as a new section and expects ']' as the last character.

PR sent: https://github.com/jbossas/jboss-eap/pull/1645

--- Additional comment from Petr Kremensky on 2014-09-29 06:18:19 EDT ---

Verified on EAP 6.4.0.DR2
Comment 1 Panagiotis Sotiropoulos 2014-11-06 13:33:51 UTC 
PR sent : https://github.com/jbossas/jboss-eap/pull/1899
Comment 2 Petr Kremensky 2015-01-20 09:40:57 UTC 
Verified on EAP 6.3.3.CP.CR1