4 Replies Latest reply on Dec 29, 2016 5:35 AM by twimnox

    Unable to load org.jboss.security.negotiation.KerberosLoginModule class

    nikoss

      I am using Wildfly 10.1.0 and I want to enable Datasource Kerberos authentication

       

      The relevant part of the security domain is:

      <security-domain name="DatabaseUser" cache-type="default">
            <authentication>
            <login-module code="Kerberos" flag="required">                                    
                <module-option name="useKeyTab" value="true"/>
                <module-option name="keyTab" value="/usr/share/wildfly/wildfly-10.1.0.Final/standalone/configuration/wildfly.keytab"/>
                <module-option name="principal" value="wildfly@NOMISMA"/>
                <module-option name="doNotPrompt" value="true"/>
                <module-option name="isInitiator" value="true"/>
                <module-option name="storeKey" value="true"/>
                <module-option name="refreshKrb5Config" value="true"/>
                <module-option name="debug" value="true"/>
            </login-module>
        </authentication>
      </security-domain>
      

       

       

      The problem is that I receive the following exception:

       

      02:27:34,856 DEBUG [org.jboss.security] (MSC service thread 1-2) PBOX00206: Login failure: javax.security.auth.login.LoginException:

      unable to find LoginModule class: org.jboss.security.negotiation.KerberosLoginModule from

      [Module "org.picketbox:main" from local module loader @1c2c22f3 (finder: local module finder @18e8568

      (roots: /usr/share/wildfly/wildfly-10.1.0.Final/modules,/usr/share/wildfly/wildfly-10.1.0.Final/modules/system/layers/base))]    

       

       

      Checking the contents of the modules directory, I can see in that the following directory exists

       

      modules/system/layers/base/org/jboss/security/negotiation/main
      

       

       

      and it has the contents:

       

      -rw-r--r--. 1 505 505 41667 Aug 19 02:12 jboss-negotiation-common-3.0.2.Final.jar                                                                                  
      -rw-r--r--. 1 505 505 44914 Aug 19 02:12 jboss-negotiation-extras-3.0.2.Final.jar                                                                                              
      -rw-r--r--. 1 505 505 14860 Aug 19 02:12 jboss-negotiation-ntlm-3.0.2.Final.jar                                                                                                
      -rw-r--r--. 1 505 505 33894 Aug 19 02:12 jboss-negotiation-spnego-3.0.2.Final.jar                                                                                     
      -rw-r--r--. 1 505 505  1943 Aug 19 02:12 module.xml 
      
      

       

      What should I do in order to make the org.jboss.security.negotiation.KerberosLoginModule class visible to Wildfly?

        • 1. Re: Unable to load org.jboss.security.negotiation.KerberosLoginModule class
          nikoss

          Eventually I found out that I have to specify the used module explicitly by adding the "module" declaration in the "login-module".

          Therefore the correct configuration is:

           

          <security-domain name="DatabaseUser" cache-type="default">
                <authentication>
                <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
                    <module-option name="useKeyTab" value="true"/>
                    <module-option name="keyTab" value="/usr/share/wildfly/wildfly-10.1.0.Final/standalone/configuration/wildfly.keytab"/>
                    <module-option name="principal" value="wildfly@NOMISMA"/>
                    <module-option name="doNotPrompt" value="true"/>
                    <module-option name="isInitiator" value="true"/>
                    <module-option name="storeKey" value="true"/>
                    <module-option name="refreshKrb5Config" value="true"/>
                    <module-option name="debug" value="true"/>
                </login-module>
            </authentication>
          </security-domain>
          
          • 2. Re: Unable to load org.jboss.security.negotiation.KerberosLoginModule class
            twimnox

            Which file did you edit? And where is it located?

            I'm having the same issue

            • 3. Re: Unable to load org.jboss.security.negotiation.KerberosLoginModule class
              mchoma

              You hit https://issues.jboss.org/browse/WFLY-5719  .

               

              to make org.jboss.security.negotiation visible to application, you could also specify in jboss-deployment-structure.xml:

               

              • 4. Re: Unable to load org.jboss.security.negotiation.KerberosLoginModule class
                twimnox

                Is it the generic procedure for any modules?

                 

                I'm currently trying to deploy an EJB module which makes use of a middleware protocol (eclipse paho MQTT). But my JBOSS Server (Wildfly10) cannot find the required libraries. I've tried:

                 

                a) placing the library ".jar" at \wildfly-10.1.0.Final\wildfly-10.1.0.Final\modules\system\layers\base\org\eclipse\paho\main along with a "module.xml" file which contains:

                 

                <?xml version="1.0" encoding="UTF-8"?>

                <module xmlns="urn:jboss:module:1.1" name="org.eclipse.paho.client.mqttv3-1.1.0">

                    <resources>

                        <resource-root path="org.eclipse.paho.client.mqttv3-1.1.0.jar"/>

                        <!-- Insert resources here -->

                    </resources>

                </module>

                 

                My MANIFEST.MF is like this:

                 

                Manifest-Version: 1.0

                Dependencies: org.eclipse.paho.client.mqttv3-1.1.0

                 

                Is there any additional procedure I must do?

                Thanks for your help and happy holidays.