Description of problem:
Configuring <ldap/> for a security realm, failed to log in to the admin console.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Change standalone.xml

<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <local default-user="$local"/>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
            <authorization map-groups-to-roles="false">
                <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/>
            </authorization>
        </security-realm>
        <security-realm name="ApplicationRealm">
            <authentication>
                <local default-user="$local" allowed-users="*"/>
                <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
            <authorization>
                <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
            </authorization>
        </security-realm>
        <security-realm name="ldap_security_realm">
            <authentication>
                <ldap base-dn="dc=redhat,dc=com" connection="ldap_connection" recursive="true">
                    <username-filter attribute="uid"/>
                </ldap>
            </authentication>
        </security-realm>
    </security-realms>
    <outbound-connections>
        <ldap name="ldap_connection" search-credential="password" search-dn="cn=Directory Manager" url="ldap://host02:389"/>
    </outbound-connections>
    <audit-log>
        <formatters>
            <json-formatter name="json-formatter"/>
        </formatters>
        <handlers>
            <file-handler name="file" formatter="json-formatter" relative-to="jboss.server.data.dir" path="audit-log.log"/>
        </handlers>
        <logger log-boot="true" log-read-only="false" enabled="false">
            <handlers>
                <handler name="file"/>
            </handlers>
        </logger>
    </audit-log>
    <management-interfaces>
        <!-- <native-interface security-realm="ManagementRealm"> -->
        <native-interface security-realm="ldap_security_realm">
            <socket-binding native="management-native"/>
        </native-interface>
        <!-- <http-interface security-realm="ManagementRealm"> -->
        <http-interface security-realm="ldap_security_realm">
            <socket-binding http="management-http"/>
        </http-interface>
    </management-interfaces>
</management>

2. access http://localhost:9990/console/App.html
3. login with a valid user account/password
4. There is no log message, but ClassCastException is thrown internally at BasicAuthenticator.java:110.

Actual results:

Expected results:

Additional info:
Attaching a debugger, I confirmed EAP6 is attempting to cast org.jboss.com.sun.net.httpserver.HttpPrincipal to SubjectHttpPrincipal. Since it throws the exception, the subsequent authentication process is not performed, and the authentication fails.

jdb output:-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HttpManagementService-threads - 3[1] next
> Step completed: "thread=HttpManagementService-threads - 3", org.jboss.as.domain.http.server.security.BasicAuthenticator._authenticate(), line=110 bci=107
HttpManagementService-threads - 3[1] print response.getPrincipal().getClass()
 response.getPrincipal().getClass() = "class org.jboss.com.sun.net.httpserver.HttpPrincipal"
HttpManagementService-threads - 3[1]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

org.jboss.as.domain.http.server.security.BasicAuthenticator:-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SubjectHttpPrincipal principal = (SubjectHttpPrincipal) ((Success) response).getPrincipal();
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
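As an added example (not part of this bug report and not EAP's own code), here is a small sanity check for the <management> block of a standalone.xml like the one above. It parses the XML with the standard library and reports the configuration mistakes that produce the same symptom as this bug, a console that rejects valid logins: a management interface pointing at a realm that does not exist or has no <authentication>, an <ldap> authentication whose connection attribute resolves to no named outbound connection, and an outbound LDAP connection carrying its search-credential in clear text in the config file. It would not have detected the ClassCastException itself, which is a server-side defect, but it rules out the dangling-reference causes first. The sample XML is a constructed, trimmed copy of the reporter's block with two defects deliberately introduced (the realm names empty_realm, stale_ldap_realm and the connection name old_connection are invented for the demonstration).

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the <management> block from the bug report,
# plus two deliberate defects so the checker has something to report:
#   * the native interface references a realm that has no <authentication>;
#   * a realm's <ldap> points at an outbound connection that is not defined.
SAMPLE_XML = """
<management>
  <security-realms>
    <security-realm name="ManagementRealm">
      <authentication>
        <local default-user="$local"/>
        <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
      </authentication>
    </security-realm>
    <security-realm name="ldap_security_realm">
      <authentication>
        <ldap base-dn="dc=redhat,dc=com" connection="ldap_connection" recursive="true">
          <username-filter attribute="uid"/>
        </ldap>
      </authentication>
    </security-realm>
    <security-realm name="stale_ldap_realm">
      <authentication>
        <ldap base-dn="dc=redhat,dc=com" connection="old_connection"/>
      </authentication>
    </security-realm>
    <security-realm name="empty_realm"/>
  </security-realms>
  <outbound-connections>
    <ldap name="ldap_connection" search-credential="password"
          search-dn="cn=Directory Manager" url="ldap://host02:389"/>
  </outbound-connections>
  <management-interfaces>
    <native-interface security-realm="empty_realm">
      <socket-binding native="management-native"/>
    </native-interface>
    <http-interface security-realm="ldap_security_realm">
      <socket-binding http="management-http"/>
    </http-interface>
  </management-interfaces>
</management>
"""


def check_management(xml_text):
    """Return a list of human-readable findings for a <management> block.

    Checks performed:
      * each management interface names a security-realm that exists;
      * each referenced realm has an <authentication> child (a realm without
        one cannot authenticate anybody, so every login is refused);
      * each <ldap> authentication points at a named outbound <ldap> connection;
      * an outbound LDAP connection whose search-credential is stored in clear
        text in the config file is flagged.
    """
    root = ET.fromstring(xml_text)
    findings = []

    # Element lookups; document order is preserved so findings are deterministic.
    realms = {r.get("name"): r for r in root.iter("security-realm")}
    outbound = root.findall("./outbound-connections/ldap")
    connections = {c.get("name") for c in outbound}

    for iface in root.findall("./management-interfaces/*"):
        ref = iface.get("security-realm")
        if ref is None:
            findings.append(f"{iface.tag}: no security-realm attribute (interface is unauthenticated)")
            continue
        realm = realms.get(ref)
        if realm is None:
            findings.append(f"{iface.tag}: references unknown security-realm '{ref}'")
        elif realm.find("authentication") is None:
            findings.append(f"{iface.tag}: realm '{ref}' has no <authentication> element")

    for name, realm in realms.items():
        for ldap in realm.findall("./authentication/ldap"):
            conn = ldap.get("connection")
            if conn not in connections:
                findings.append(f"realm '{name}': <ldap> references unknown connection '{conn}'")

    for conn in outbound:
        if conn.get("search-credential") is not None:
            findings.append(
                f"outbound connection '{conn.get('name')}': search-credential stored in clear text in standalone.xml"
            )
    return findings


if __name__ == "__main__":
    for finding in check_management(SAMPLE_XML):
        print("FINDING:", finding)
```

Run it against your own standalone.xml by reading the file and passing the text to check_management(); an empty list means the management interfaces, realms and LDAP connections at least reference each other consistently. The clear-text credential finding is advisory: the bind password still has to live somewhere, but keeping it out of the plain config file is the usual practice.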
Please add this to the blocker list of EAP 6.2.0.GA, because this is a fundamental feature which many customers are using now on EAP 6.1.x and 6.0.x.
Hi Josef, it works fine on 6.2.0.CR3 bits! Thanks!