0 Replies Latest reply on Aug 24, 2016 2:06 PM by kiranmohan

    Authentication fail with UsersRoles Login Module and hashed password.

    kiranmohan

      Hi,

       

      I am configuring a security domain in Wildfly 10. While connecting to EJB from a remote client, I get the below error.

      It seems to happen only if the password is hashed in user properties files.

      WARN: Could not register a EJB receiver for connection to localhost:8080
      javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
          PLAIN: Server rejected authentication
      
      
      
      
      

      Is this a bug?

      If not how do I fix this?

       

      Below is the configuration for the security domain

                  <security-domain name="ejb-ssl-domain" cache-type="default">
                          <authentication>
                              <login-module name="ejb-ssl-user-roles" code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                                  <module-option name="usersProperties" value="${jboss.server.config.dir}/ejb-ssl-users.properties"/>
                                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/ejb-ssl-roles.properties"/>
                                  <module-option name="hashAlgorithm" value="SHA-256"/>
                                  <module-option name="hashEncoding" value="base64"/>
                                  <module-option name="hashUserPassword" value="true"/>
                              </login-module>
                          </authentication>
                      </security-domain>
      
      
      
      
      

       

      I have added user to ${jboss.server.config.dir}/ejb-ssl-users.properties

      using the $WILDFLY_HOME/bin/add-user.sh utility script.

      So the password in the user properties file is hashed.

       

      Below is the jboss-ejb-client.properties file

      endpoint.name=client-endpoint
      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
      
      remote.connections=default
      
      remote.connection.default.host=localhost
      remote.connection.default.port=8080
      remote.connection.default.username=ejbUserOne
      remote.connection.default.password=ejbPasswordOne
      
      remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
      
      

       

      jndi.properties

      # using techniques mentioned in "https://docs.jboss.org/author/display/WFLY8/EJB+invocations+from+a+remote+client+using+JNDI"
      java.naming.factory.url.pkgs=org.jboss.ejb.client.naming
      #