1161123 – (6.3.z) org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappingTestCase.testPassUserPrincipalToAttributeManager fails on OracleJDK 1.8 IPV6 due to 'Illegal config content:[2620:52:0:105f::ffff:22] = JBOSS.ORG'

Bug 1161123 - (6.3.z) org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappingTestCase.testPassUserPrincipalToAttributeManager fails on OracleJDK 1.8 IPV6 due to 'Illegal config content:[2620:52:0:105f::ffff:22] = JBOSS.ORG'

Summary: (6.3.z) org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappi...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Security, Testsuite
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	CR1
Target Release:	EAP 6.3.3
Assignee:	Panagiotis Sotiropoulos
QA Contact:	Pavel Slavicek
Docs Contact:
URL:
Whiteboard:
Depends On:	1128091 1161448
Blocks:	eap633-payload java8-633
TreeView+	depends on / blocked

Reported:	2014-11-06 12:51 UTC by Dominik Pospisil
Modified:	2019-08-19 12:41 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1128091
Environment:
Last Closed:	2019-08-19 12:41:56 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Dominik Pospisil 2014-11-06 12:51:16 UTC

+++ This bug was initially created as a clone of Bug #1128091 +++

See: https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-6x-as-testsuite-RHEL-matrix-OracleJDK8-dualstackIPV6/1/jdk=jdk1.8,label_exp=RHEL5%26%26x86%26%26ipv6%26%26!pure-ipv6/testReport/org.jboss.as.test.integration.security.picketlink/SAML2AttributeMappingTestCase/testPassUserPrincipalToAttributeManager/

Stacktrace

javax.security.auth.login.LoginException: Illegal config content:[2620:52:0:105f::ffff:22] = JBOSS.ORG
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:555)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
	at org.jboss.as.test.integration.security.picketlink.PicketLinkTestBase.makeCallWithKerberosAuthn(PicketLinkTestBase.java:279)
	at org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappingTestCase.testPassUserPrincipalToAttributeManager(SAML2AttributeMappingTestCase.java:129)
Caused by: KrbException: Illegal config content:[2620:52:0:105f::ffff:22] = JBOSS.ORG
	at sun.security.krb5.Config.loadConfigFile(Config.java:526)
	at sun.security.krb5.Config.<init>(Config.java:176)
	at sun.security.krb5.Config.refresh(Config.java:116)
	at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:553)

--- Additional comment from Josef Cacek on 2014-09-04 05:17:25 EDT ---

It's a test issue. The URL-formatted IPv6 address (i.e. with square brackets around) was used in the [domain_realm] section of the generated krb5.conf file.

If the line starts with '[' in krb5.conf then the parser takes it as a new section and expects ']' as the last character.

PR sent: https://github.com/jbossas/jboss-eap/pull/1645

--- Additional comment from Petr Kremensky on 2014-09-29 06:18:19 EDT ---

Verified on EAP 6.4.0.DR2

Comment 1 Panagiotis Sotiropoulos 2014-11-06 13:33:51 UTC

PR sent : https://github.com/jbossas/jboss-eap/pull/1899

Comment 2 Petr Kremensky 2015-01-20 09:40:57 UTC

Verified on EAP 6.3.3.CP.CR1

Note You need to log in before you can comment on or make changes to this bug.