jboss remoting fails to authenticate to second server
Hi, there are two servers for the same host controller, war. deployed on server-one, ejb deployed on server-two. Both are configured with remoting outbound connections, but it fails
10:14:55,112 ERROR [org.jboss.remoting.remote.connection] (Remoting "master:server-one" read-1) JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
10:14:55,113 TRACE [org.jboss.remoting.endpoint] (Remoting "master:server-one" read-1) Registered exception result: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:344) [jboss-remoting-3.2.16.GA-redhat-1.jar:3.2.16.GA-redhat-1]
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:227) [jboss-remoting-3.2.16.GA-redhat-1.jar:3.2.16.GA-redhat-1]
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.ssl.JsseConnectedSslStreamChannel.handleReadable(JsseConnectedSslStreamChannel.java:180) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72) [xnio-api-3.0.7.GA-redhat-1.jar:3.0.7.GA-redhat-1]
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:187)
remoting log shows, see bold message below
10:14:55,085 INFO [stdout] (http-localhost.localdomain/127.0.0.1:8080-1) ejb: Proxy for remote EJB StatelessEJBLocator{appName='', moduleName='jboss-as-propagation-ejb', distinctName='', beanName='HelloEJB', view='interface org.jboss.as.quickstarts.ejb_security.Hello'}
10:14:55,086 TRACE [org.jboss.remoting.endpoint] (ejb-client-context-tasks-5-thread-1) Allocated tick to 3 of endpoint "master:server-one" <1b08a24b> (opened Connection to /127.0.0.1:4597)
10:14:55,087 TRACE [org.jboss.remoting.remote] (ejb-client-context-tasks-5-thread-1) Attempting to connect to "/127.0.0.1:4597" with options {org.xnio.Options.SASL_DISALLOWED_MECHANISMS=>[JBOSS-LOCAL-USER],org.xnio.Options.SASL_POLICY_NOPLAINTEXT=>false,org.xnio.Options.SASL_POLICY_NOANONYMOUS=>false,org.xnio.Options.SSL_ENABLED=>true,org.xnio.Options.SSL_STARTTLS=>true}
10:14:55,091 TRACE [org.jboss.remoting.remote] (Remoting "master:server-one" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Greeting@3f76b3c4
10:14:55,092 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Received java.nio.HeapByteBuffer[pos=24 lim=8192 cap=8192]
10:14:55,092 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received greeting
10:14:55,092 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received server name: localhost.localdomain
10:14:55,092 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client sending capabilities request
10:14:55,093 TRACE [org.jboss.remoting.remote] (Remoting "master:server-one" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@a142969
10:14:55,093 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" read-1) Sent message java.nio.HeapByteBuffer[pos=45 lim=45 cap=8192] (direct)
10:14:55,093 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" read-1) Flushed channel (direct)
10:14:55,096 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capabilities response
10:14:55,096 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: version 1
10:14:55,097 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: remote endpoint name "master:server-two"
10:14:55,097 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER
10:14:55,097 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: SASL mechanism DIGEST-MD5
10:14:55,097 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) SASL mechanism DIGEST-MD5 added to allowed set
10:14:55,098 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: message close protocol supported
10:14:55,098 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: remote version is "3.2.16.GA-redhat-1"
10:14:55,100 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client initiating authentication using mechanism DIGEST-MD5
10:14:55,101 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" task-3) Sent message java.nio.HeapByteBuffer[pos=12 lim=12 cap=8192] (direct)
10:14:55,101 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" task-3) Flushed channel (direct)
10:14:55,101 TRACE [org.jboss.remoting.remote] (Remoting "master:server-one" task-3) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication@7b750dd2
10:14:55,103 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received authentication challenge
10:14:55,104 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" task-4) Client sending authentication response
10:14:55,105 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" task-4) Sent message java.nio.HeapByteBuffer[pos=277 lim=277 cap=8192] (direct)
10:14:55,105 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" task-4) Flushed channel (direct)
10:14:55,106 DEBUG [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received authentication rejected for mechanism DIGEST-MD5
10:14:55,106 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client sending capabilities request
10:14:55,107 TRACE [org.jboss.remoting.remote] (Remoting "master:server-one" read-1) Setting read listener to org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities@41de9550
10:14:55,107 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" read-1) Sent message java.nio.HeapByteBuffer[pos=45 lim=45 cap=8192] (direct)
10:14:55,107 TRACE [org.jboss.remoting.remote.connection] (Remoting "master:server-one" read-1) Flushed channel (direct)
10:14:55,110 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capabilities response
10:14:55,110 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: version 1
10:14:55,110 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: remote endpoint name "master:server-two"
10:14:55,110 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: SASL mechanism JBOSS-LOCAL-USER
10:14:55,111 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: SASL mechanism DIGEST-MD5
10:14:55,111 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: message close protocol supported
10:14:55,111 TRACE [org.jboss.remoting.remote.client] (Remoting "master:server-one" read-1) Client received capability: remote version is "3.2.16.GA-redhat-1"
The relevant settings are provided below, can you see anything in need to a fix ?
The server is EAP 6.1. There is no commercial subscription, this is only development mode.
profile "full", where war is deployed
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
<outbound-connections>
<remote-outbound-connection name="ejb-outbound-connection" outbound-socket-binding-ref="srv2srv-ejb-socket" username="ejbcaller" security-realm="ejb-remote-call">
<properties>
<property name="SSL_ENABLED" value="false"/>
</properties>
</remote-outbound-connection>
</outbound-connections>
</subsystem>
socket binding associated to the "full" profile
<socket-binding-group name="full-sockets" default-interface="public">
<socket-binding name="ajp" port="8009"/>
<socket-binding name="http" port="8080"/>
<socket-binding name="https" port="8443"/>
<socket-binding name="jacorb" interface="unsecure" port="3528"/>
<socket-binding name="jacorb-ssl" interface="unsecure" port="3529"/>
<socket-binding name="messaging" port="5445"/>
<socket-binding name="messaging-group" port="0" multicast-address="${jboss.messaging.group.address:231.7.7.7}" multicast-port="${jboss.messaging.group.port:9876}"/>
<socket-binding name="messaging-throughput" port="5455"/>
<socket-binding name="remoting" port="4447"/>
<socket-binding name="txn-recovery-environment" port="4712"/>
<socket-binding name="txn-status-manager" port="4713"/>
<outbound-socket-binding name="mail-smtp">
<remote-destination host="localhost" port="25"/>
</outbound-socket-binding>
<outbound-socket-binding name="srv2srv-ejb-socket">
<remote-destination host="localhost" port="4597"/>
</outbound-socket-binding>
</socket-binding-group>
host.xml
<security-realms>
....
<security-realm name="ejb-remote-call">
<server-identities>
<secret value="QGFkbWluMTIz"/>
</server-identities>
</security-realm>
</security-realms>
WAR application WEB-INF/jboss-ejb-client.xml
<jboss-ejb-client xmlns="urn:jboss:ejb-client:1.2">
<client-context>
<ejb-receivers exclude-local-receiver="true">
<remoting-ejb-receiver outbound-connection-ref="ejb-outbound-connection"/>
</ejb-receivers>
</client-context>
</jboss-ejb-client>
Claudio