Bug 1074428

| Field | Value |
|---|---|
| Summary | JBoss EAP 6.3 clients can not authenticate with a username and password (Digest auth) against older EAP 6 versions. |
| Product | [JBoss] JBoss Enterprise Application Platform 6 |
| Component | EJB, Remoting |
| Version | 6.3.0 |
| Status | CLOSED CURRENTRELEASE |
| Severity | urgent |
| Priority | unspecified |
| Reporter | Jan Martiska <jmartisk> |
| Assignee | Darran Lofthouse <darran.lofthouse> |
| QA Contact | Jan Martiska <jmartisk> |
| Docs Contact | Russell Dickenson <rdickens> |
| CC | darran.lofthouse, kkhan, smumford |
| Target Milestone | ER2 |
| Target Release | EAP 6.3.0 |
| Hardware | Unspecified |
| OS | Unspecified |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2014-06-28 15:42:55 UTC |
| Bug Depends On | 1080540, 1080576 |
| Bug Blocks | 1051640 |
Although originally raised as an EJB client issue this problem seems to affect all client types.

Here is the underlying problem:

- 15:28:50,012 TRACE [org.jboss.remoting.remote.server] (Remoting "localhost:MANAGEMENT" task-2) Server sending authentication rejected (javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched URI: remoting/localhost; expecting: remote/localhost)

The following component upgrade is going to be required to resolve the error being experienced:

- https://bugzilla.redhat.com/show_bug.cgi?id=1080576

After the following upgrade EAP 6.3 will also be updated so that both 'remote' and 'remoting' are accepted as protocols within the Digest mechanism:

- https://bugzilla.redhat.com/show_bug.cgi?id=1080540

Have set the milestone and target release, awaiting confirmation from Darran whether the merge of https://github.com/jbossas/jboss-eap/pull/1127 for https://bugzilla.redhat.com/show_bug.cgi?id=1080576 means this one should also be MODIFIED.

Seems to work fine now with EAP 6.3.0.ER2, thanks.

Marking for exclusion from 6.3.0 Beta release notes as both 'affects' and 'fix' versions are listed as 6.3.0, suggesting this was not a customer-facing issue.
Created attachment 872596: reproducer

When an EJB client from 6.3.0.DR2 tries to authenticate against an older server version, it gets this exception:

WARN: Could not register a EJB receiver for connection to localhost:4447 java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms

When running against 6.3.0.DR2, it works.

When a client from an older version tries to authenticate against 6.3.0.DR2, it gets this exception even though the credentials are correct:

WARN: Could not register a EJB receiver for connection to localhost:4447 java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

With a 6.3.0.DR2 client, it works.

When using LOCAL authentication, none of these problems occur.

This doesn't affect EAP 6.2.2.CR2, which uses the same EJB client version (1.0.25.Final-redhat-1) as 6.3.0.DR2. It seems that the problem lies in the upgrade of JBoss Remoting to 3.3 branch. When I downgraded Remoting to 3.2.19, everything worked.

Attaching a simple reproducer. README included.
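The digest-uri mismatch in the server trace above can be reproduced outside JBoss with the JDK's own `javax.security.sasl` DIGEST-MD5 provider, where the protocol name passed to each side becomes the serv-type of the digest-uri. This is an added example, not code from the bug report, its attached reproducer or JBoss Remoting; the class name, user name and password are constructed, and the two protocol strings are the ones from the trace.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class DigestUriMismatch {
    // Constructed demo credentials, shared by both sides so only the protocol name differs.
    static final String USER = "demo-user";
    static final char[] PASS = "demo-password".toCharArray();

    // One handler serves client and server: same name, same password, realm as offered.
    static final CallbackHandler HANDLER = callbacks -> {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(USER);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(PASS);
            } else if (cb instanceof RealmCallback) {
                RealmCallback rc = (RealmCallback) cb;
                rc.setText(rc.getDefaultText());
            } else if (cb instanceof AuthorizeCallback) {
                AuthorizeCallback ac = (AuthorizeCallback) cb;
                ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    };

    // Runs one DIGEST-MD5 exchange in memory and reports how the server side ended it.
    static String negotiate(String clientProtocol, String serverProtocol) {
        try {
            SaslServer server = Sasl.createSaslServer(
                    "DIGEST-MD5", serverProtocol, "localhost", null, HANDLER);
            SaslClient client = Sasl.createSaslClient(
                    new String[] {"DIGEST-MD5"}, null, clientProtocol, "localhost", null, HANDLER);
            byte[] challenge = server.evaluateResponse(new byte[0]); // realm, nonce, qop
            byte[] response = client.evaluateChallenge(challenge);   // carries digest-uri
            byte[] rspauth = server.evaluateResponse(response);      // digest-uri is checked here
            client.evaluateChallenge(rspauth);                       // client verifies rspauth
            return "authenticated, server complete=" + server.isComplete();
        } catch (SaslException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("remoting -> remote: " + negotiate("remoting", "remote"));
        System.out.println("remote   -> remote: " + negotiate("remote", "remote"));
    }
}
```

The credentials are identical in both runs, so any rejection comes from the protocol name alone, which is why correct passwords still failed between the versions in this bug.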