Description of problem: Recieve following error in browser when trying to access /console: The management interface could not be loaded. Authentication required. after enabling LDAP authentication for http-interface and although the user is successfully looked up in LDAP, Same configuration works in EAP 6.1.1. Version-Release number of selected component (if applicable): EAP 6.2.0 beta How reproducible: reproducible with steps below Steps to Reproduce: 1. setup LDAP server with appropriate user 2. create outbound-connection. e.g. <outbound-connections> <ldap name="ldap_connection" url="ldap://localhost:10389" search-dn="uid=admin,ou=system" search-credential="secret"/> </outbound-connections> 3.create ldap security realm: <security-realm name="ldap_security_realm"> <authentication> <ldap connection="ldap_connection" base-dn="ou=users,ou=system" recursive="true" user-dn="dn"> <username-filter attribute="uid"/> </ldap> </authentication> </security-realm> 4. change http-interface to use security-realm: e.g. <http-interface security-realm="ldap_security_realm"> 5. login to http:localhost:9990/console Actual results: Login is accepted, but browser displays: The management interface could not be loaded. Authentication required. Log file shows: 14:32:28,062 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Performing recursive search 14:32:28,062 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Searching for user 'testuser' using filter '(uid={0})'. 14:32:28,064 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) DN 'cn=testuser,ou=users,ou=system' found for user 'testuser' 14:32:28,066 TRACE [org.jboss.as.domain.management.security] (HttpManagementService-threads - 1) Password verified for user 'testuser' Expected results: management console is displayed. Additional info: see attachment for standalone.xml
Created attachment 818044 [details] standalone.xml to reproduce issue
I will have a look.
A quick test on WildFly and WildFly does not seem affected.
I can reproduce on the latest EAP - there should not actually be anything specific to the console so for that reason I am going to take ownership for now while I investigate further. Due to the different HTTP servers in use between WildFly and EAP I would suspect a mistake in the merge between the two. I don't actually see a question being asked with the needinfo flag so I am going to clear it as I am now investigating.
Found it - an issue specific to the BasicAuthenticator within EAP, should only be a minor change.
Verified in CR1-preview.