Bug 1074428 - JBoss EAP 6.3 clients can not authenticate with a username and password (Digest auth) against older EAP 6 versions.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: EJB, Remoting
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ER2
Target Release: EAP 6.3.0
Assignee: Darran Lofthouse
QA Contact: Jan Martiska
Russell Dickenson
URL:
Whiteboard:
Depends On: 1080540 1080576
Blocks: eap63-beta-blockers
 
Reported: 2014-03-10 08:21 UTC by Jan Martiska
Modified: 2014-06-28 15:42 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-28 15:42:55 UTC
Type: Bug
Embargoed:


Attachments
reproducer (17.85 MB, application/zip)
2014-03-10 08:21 UTC, Jan Martiska


Links
System: Red Hat Issue Tracker
ID: REM3-185
Private: 0
Priority: Major
Status: Resolved
Summary: Revert the default protocol when initialising SASL from 'remoting' to 'remote'
Last Updated: 2019-01-14 15:47:23 UTC

Description Jan Martiska 2014-03-10 08:21:46 UTC
Created attachment 872596
reproducer

When an EJB client from 6.3.0.DR2 tries to authenticate against an older server version, it gets this exception:
WARN: Could not register a EJB receiver for connection to localhost:4447
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms
When running against 6.3.0.DR2, it works.

When a client from an older version tries to authenticate against 6.3.0.DR2, it gets this exception even though the credentials are correct:
WARN: Could not register a EJB receiver for connection to localhost:4447
java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
With a 6.3.0.DR2 client, it works.

When using LOCAL authentication, none of these problems occur.
This doesn't affect EAP 6.2.2.CR2, which uses the same EJB client version (1.0.25.Final-redhat-1) as 6.3.0.DR2.
It seems that the problem lies in the upgrade of JBoss Remoting to 3.3 branch. When I downgraded Remoting to 3.2.19, everything worked.
Attaching a simple reproducer. README included.

Comment 3 Darran Lofthouse 2014-03-25 15:16:04 UTC
Although originally raised as an EJB client issue this problem seems to affect all client types.

Comment 4 Darran Lofthouse 2014-03-25 15:31:10 UTC
Here is the underlying problem: -

15:28:50,012 TRACE [org.jboss.remoting.remote.server] (Remoting "localhost:MANAGEMENT" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched URI: remoting/localhost; expecting: remote/localhost)

Comment 5 Darran Lofthouse 2014-03-25 17:26:35 UTC
The following component upgrade is going to be required to resolve the error being experienced: -
  https://bugzilla.redhat.com/show_bug.cgi?id=1080576

After the following upgrade EAP 6.3 will also be updated so that both 'remote' and 'remoting' are accepted as protocols within the Digest mechanism: -
  https://bugzilla.redhat.com/show_bug.cgi?id=1080540
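
Added example, not part of the bug report and not JBoss Remoting code: the RFC 2831 DIGEST-MD5 response check in Python, showing why a client sending `remoting/localhost` is rejected by a server expecting `remote/localhost` despite correct credentials (the Comment 4 trace), and how accepting both serv-types (Comment 5) resolves it. The function names, user, realm, password and nonce values are constructed for illustration; only qop=auth with a `serv-type/host` digest-uri is handled.

```python
import hashlib
import hmac

def _h(data: bytes) -> bytes:
    return hashlib.md5(data).digest()  # DIGEST-MD5 fixes H() to MD5

def digest_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response-value for qop=auth, no authzid."""
    a1 = _h(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()  # digest-uri is hashed into the response
    return _h(f"{_h(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_h(a2).hex()}".encode()).hex()

def client_fields(protocol, host, user, realm, password, nonce):
    """Digest-response fields a client would send; cnonce and nc are constructed."""
    cnonce, nc, uri = "constructed-cnonce", "00000001", f"{protocol}/{host}"
    return {"username": user, "realm": realm, "nonce": nonce, "cnonce": cnonce,
            "nc": nc, "digest-uri": uri,
            "response": digest_response(user, realm, password, nonce, cnonce, nc, uri)}

def server_verify(f, password, host, accepted_protocols):
    """Check serv-type/host of digest-uri first, then the response hash."""
    proto, _, uri_host = f["digest-uri"].partition("/")
    if proto not in accepted_protocols or uri_host != host:
        return "mismatched-uri"
    # Verify over the URI the client sent: it is an input to the hash (A2).
    expected = digest_response(f["username"], f["realm"], password, f["nonce"],
                               f["cnonce"], f["nc"], f["digest-uri"])
    return "ok" if hmac.compare_digest(expected, f["response"]) else "bad-response"

def demo():
    # Constructed values, not taken from the attached reproducer.
    args = ("localhost", "alice", "ExampleRealm", "s3cret", "constructed-nonce")
    new_client = client_fields("remoting", *args)
    old_client = client_fields("remote", *args)
    relabelled = dict(new_client, **{"digest-uri": "remote/localhost"})
    both = {"remote", "remoting"}
    return {
        "remoting client, server accepts remote only":
            server_verify(new_client, "s3cret", "localhost", {"remote"}),
        "remoting client, server accepts both":
            server_verify(new_client, "s3cret", "localhost", both),
        "remote client, server accepts both":
            server_verify(old_client, "s3cret", "localhost", both),
        "digest-uri relabelled, response not recomputed":
            server_verify(relabelled, "s3cret", "localhost", both),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last case shows that the two protocol names cannot be reconciled by rewriting the digest-uri on one side: the URI is bound into the response hash, so the server has to accept the client's serv-type as sent.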

Comment 6 Kabir Khan 2014-03-25 22:13:13 UTC
Have set the milestone and target release, awaiting confirmation from Darran whether the merge of https://github.com/jbossas/jboss-eap/pull/1127 for https://bugzilla.redhat.com/show_bug.cgi?id=1080576 means this one should also be MODIFIED

Comment 8 Jan Martiska 2014-04-25 11:37:50 UTC
Seems to work fine now with EAP 6.3.0.ER2, thanks.

Comment 9 Scott Mumford 2014-05-14 00:50:32 UTC
Marking for exclusion from 6.3.0 Beta release notes as both 'affects' and 'fix' versions are listed as 6.3.0, suggesting this was not a customer-facing issue.

