0 Replies Latest reply on Nov 16, 2016 11:10 AM by rtgher

    Trying to remotely connect via a custom security-domain.

    rtgher
    rtgher Nov 16, 2016 11:10 AM

      Hello,

       

      I've been trying to get a remote server to connect via the http-remote protocol to a host server.

       

      I'm also using a vault authentication to connect via this method, so I'm using a security-domain to do it, for which I made a custom module.

       

       

      In order for the subsystem to use that security-domain, I'm using a custom security-realm.
      Long story short, it doesn't work, and I' not sure why. Here are my stuff:

       

       

      module.xml:

      <?xml version="1.0" encoding="UTF-8"?>

       

      <module xmlns="urn:jboss:module:1.1" name="com.ford.odyssey.authentication">

          <properties>

        <property name="jmsuser" />

        <property name="jmspassword" />

          </properties>

       

          <resources>

              <resource-root path="VaultLoginModule.jar"/>

        <resource-root path="jimi-1.0.jar"/>

          </resources>

       

          <dependencies>

              <module name="org.picketbox"/>

       

        <module name="javax.api"/>

          </dependencies>

      </module>

       

      all other stuff are in the standalone.xml

      Vault config:

      <vault>

              <vault-option name="KEYSTORE_URL" value="${jboss.server.config.dir}\vault.keystore"/>

              <vault-option name="KEYSTORE_PASSWORD" value="MASK-252yqGVPGUvx4P9rYVGVmu"/>

              <vault-option name="KEYSTORE_ALIAS" value="vault"/>

              <vault-option name="SALT" value="12345678"/>

              <vault-option name="ITERATION_COUNT" value="50"/>

              <vault-option name="ENC_FILE_DIR" value="${jboss.server.config.dir}"/>

          </vault>

       

      Realm config:

      <security-realm name="VaultRealm">

                      <authentication>

                          <jaas name="vault-login-module"/>

                      </authentication>

                  </security-realm>

       

      Security-domain:

      <subsystem xmlns="urn:jboss:domain:security:1.2">

                  <security-domains>

                      <security-domain name="vault-login-module" cache-type="default">

                          <authentication>

                              <login-module code="com.ford.odyssey.authentication" flag="required"/>

                          </authentication>

                      </security-domain>

       

      Remoting subsystem:

      <subsystem xmlns="urn:jboss:domain:remoting:3.0">

                  <http-connector name="http-remoting-connector" connector-ref="default" security-realm="VaultRealm"/>

              </subsystem>

       

      Error from the other server:

       

      Exception in thread "main" javax.naming.AuthenticationException: Failed to connect to any server. Servers tried: [http-remoting://10.0.6.198:8081 (Authentication failed: all available authentication mechanisms failed:)] [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:]

              at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:238)

              at org.jboss.naming.remote.client.HaRemoteNamingStore.namingStore(HaRemoteNamingStore.java:149)

              at org.jboss.naming.remote.client.HaRemoteNamingStore.namingOperation(HaRemoteNamingStore.java:130)

              at org.jboss.naming.remote.client.HaRemoteNamingStore.lookup(HaRemoteNamingStore.java:272)

              at org.jboss.naming.remote.client.RemoteContext.lookupInternal(RemoteContext.java:104)

              at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:93)

              at org.jboss.naming.remote.client.RemoteContext.lookup(RemoteContext.java:146)

              at javax.naming.InitialContext.lookup(Unknown Source)

              at Testjndi.main(Testjndi.java:14)

      Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:

              at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:114)

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:449)

              at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:241)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

              at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:199)

              at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:113)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

              at org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)

              at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

              at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

              at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:88)

              at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)

              at ...asynchronous invocation...(Unknown Source)

              at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:294)

              at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:275)

              at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:379)

              at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:363)

              at org.jboss.naming.remote.client.EndpointCache$EndpointWrapper.connect(EndpointCache.java:111)

              at org.jboss.naming.remote.client.HaRemoteNamingStore.failOverSequence(HaRemoteNamingStore.java:197)

              ... 8 more

      • 140 Views
      • Tags: