Trying to remotely connect via a custom security-domain.
rtgher Nov 16, 2016 11:10 AM
Hello,
I've been trying to get a remote server to connect via the http-remote protocol to a host server.
I'm also using a vault authentication to connect via this method, so I'm using a security-domain to do it, for which I made a custom module.
In order for the subsystem to use that security-domain, I'm using a custom security-realm.
Long story short, it doesn't work, and I'm not sure why. Here is my stuff:
module.xml:
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="com.ford.odyssey.authentication">
    <properties>
        <property name="jmsuser" />
        <property name="jmspassword" />
    </properties>
    <resources>
        <resource-root path="VaultLoginModule.jar"/>
        <resource-root path="jimi-1.0.jar"/>
    </resources>
    <dependencies>
        <module name="org.picketbox"/>
        <module name="javax.api"/>
    </dependencies>
</module>
All the other stuff is in the standalone.xml.
Vault config:
<vault>
    <vault-option name="KEYSTORE_URL" value="${jboss.server.config.dir}\vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-252yqGVPGUvx4P9rYVGVmu"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="50"/>
    <vault-option name="ENC_FILE_DIR" value="${jboss.server.config.dir}"/>
</vault>
Realm config:
<security-realm name="VaultRealm">
    <authentication>
        <jaas name="vault-login-module"/>
    </authentication>
</security-realm>
Security-domain:
<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domains>
        <security-domain name="vault-login-module" cache-type="default">
            <authentication>
                <login-module code="com.ford.odyssey.authentication" flag="required"/>
            </authentication>
        </security-domain>
Remoting subsystem:
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
    <http-connector name="http-remoting-connector" connector-ref="default" security-realm="VaultRealm"/>
</subsystem>
Error from the other server:
Exception in thread "main" javax.naming.AuthenticationException: Failed to connect to any server. Servers tried: [http-remoting://10.0.6.198:8081 (Authentication failed: all available authentication mechanisms failed:)] [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:]
at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:238)
at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:149)
at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:130)
at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:272)
at org.jboss.naming.remote.client.RemoteContext.lookupInternal(RemoteContext.java:104)
at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:93)
at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:146)
at javax.naming.InitialContext.lookup(Unknown Source)
at Testjndi.main(Testjndi.java:14)
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:114)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:449)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:241)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:199)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:113)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:294)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:275)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:379)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:363)
at org.jboss.naming.remote.client.EndpointCache$EndpointWrapper.connect(EndpointCache.java:111)
at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:197)
... 8 more
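
A configuration cross-check for the chain described in the post (http-connector, security-realm, jaas, security-domain, login-module), as an added example that is not part of the original post. It assumes that the `code` attribute of a custom login module holds a fully qualified class name and that the `module` attribute names the JBoss module containing it; the class-name test is a heuristic, and the sample XML is constructed from the post's fragments.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the fragments in the post, wrapped in one root.
SAMPLE = """<server>
 <security-realm name="VaultRealm">
  <authentication><jaas name="vault-login-module"/></authentication>
 </security-realm>
 <subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
  <security-domain name="vault-login-module" cache-type="default">
   <authentication>
    <login-module code="com.ford.odyssey.authentication" flag="required"/>
   </authentication>
  </security-domain>
 </security-domains></subsystem>
 <subsystem xmlns="urn:jboss:domain:remoting:3.0">
  <http-connector name="http-remoting-connector" connector-ref="default"
                  security-realm="VaultRealm"/>
 </subsystem>
</server>"""

def find(root, name):
    # Match on the local tag name so subsystem namespaces do not matter.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_wiring(xml_text):
    """Follow http-connector -> security-realm -> jaas -> security-domain -> login-module."""
    root, findings = ET.fromstring(xml_text), []
    realms = {r.get("name"): r for r in find(root, "security-realm")}
    domains = {d.get("name"): d for d in find(root, "security-domain")}
    for conn in find(root, "http-connector"):
        realm = conn.get("security-realm")
        if realm not in realms:
            findings.append(f"connector {conn.get('name')}: realm {realm!r} not defined")
            continue
        for jaas in find(realms[realm], "jaas"):
            dom = jaas.get("name")
            if dom not in domains:
                findings.append(f"realm {realm}: security-domain {dom!r} not defined")
                continue
            for lm in find(domains[dom], "login-module"):
                code = lm.get("code", "")
                if "." not in code:
                    continue  # short built-in alias, nothing to resolve
                if not lm.get("module"):  # assumption: custom modules need this
                    findings.append(f"{dom}: {code} has no module attribute")
                if not code.rsplit(".", 1)[-1][:1].isupper():  # heuristic
                    findings.append(f"{dom}: {code} does not look like a class name")
    return findings

if __name__ == "__main__":
    print("\n".join(check_wiring(SAMPLE)) or "wiring looks consistent")
```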