9 Replies Latest reply on Nov 7, 2017 2:12 AM by mchoma

    Wildfly 11 Elytron Bcrypt Mapper

    pcarrollnf

      Hello, I am trying to use the elytron <bcrypt-mapper> for authentication.  However, authentication does not seem to be working.

       

      I am using jBCrypt-0.4 to create the salt and password hash and then storing them in my database.

      The following is my <jdbc-realm> configuration in standalone-full.xml

       

      <jdbc-realm name="myRealm">
        <principal-query sql="SELECT A.PASSWORD, A.SALT_VALUE, A.ITERATION_COUNT FROM USERS A WHERE A.USER_NAME = LOWER(?)" data-source="myDS">
          <bcrypt-mapper password-index="1" salt-index="2" iteration-count-index="3"/>
        </principal-query>
        <principal-query sql="SELECT DISTINCT ROLE_NAME FROM ROLES WHERE USER_NAME = LOWER(?)" data-source="myDS">
          <attribute-mapping>
            <attribute to="roles" index="1"/>
          </attribute-mapping>
        </principal-query>
      </jdbc-realm>

       

      The following is an example of a generated hash with the password being "password" (without the double quotes).

      Full Hash: $2a$12$nxPgtSc/mSl7GG29yif15eDEexpf8mRHscv6SS6p3RHheulQtSOFu

      Salt Value: nxPgtSc/mSl7GG29yif15e

      Password Hash: DEexpf8mRHscv6SS6p3RHheulQtSOFu

      Iteration Count: 12

       

      I store the Salt Value, Password Hash and Iteration Count from above into my USERS table.  When I go to my login page and enter my username and password, the log contains the following information.

       

      TRACE [org.wildfly.security] (default task-6) Handling CachedIdentityAuthorizeCallback: principal = null  authorizedIdentity = null

      DEBUG [org.wildfly.security] (default task-6) Using UsernamePasswordAuthenticationMechanism for username authentication. Realm: [null], Username: [myUsername].

      TRACE [org.wildfly.security] (default task-6) Handling NameCallback: authenticationName = myUsername

      TRACE [org.wildfly.security] (default task-6) Principal assigning: [myUsername], pre-realm rewritten: [myUsername], realm name: [myRealm], post-realm rewritten: [myUsername], realm rewritten: [myUsername]

      TRACE [org.wildfly.security] (default task-6) Executing principalQuery SELECT A.PASSWORD, A.SALT_VALUE, A.ITERATION_COUNT FROM USERS A WHERE A.USER_NAME = LOWER(?) with value myUsername

      TRACE [org.wildfly.security] (default task-6) Executing principalQuery SELECT DISTINCT ROLE_NAME FROM ROLES WHERE USER_NAME = LOWER(?) with value myUsername

      TRACE [org.wildfly.security] (default task-6) Executing principalQuery SELECT A.PASSWORD, A.SALT_VALUE, A.ITERATION_COUNT FROM USERS A WHERE A.USER_NAME = LOWER(?) with value myUsername

      DEBUG [org.wildfly.security] (default task-6) User [myUsername] authentication failed

      TRACE [org.wildfly.security] (default task-6) Handling AuthenticationCompleteCallback: fail

       

      I am wondering if anyone has successfully used the <bcrypt-mapper> with Wildfly and, if so, what might I be doing wrong not to get it working?

       

      Thanks.
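
Added example, not part of the original post: a Python check of how the three values stored in the USERS table are encoded. It splits the full hash quoted in the post and shows that the salt and hash substrings are written in bcrypt's own Base64 alphabet, which differs from the RFC 4648 alphabet. That the reader of those columns expects the standard alphabet is an assumption here, and the function names are hypothetical.

```python
import base64

# bcrypt's Base64 alphabet versus RFC 4648: same bit packing, different symbols.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_ALPHABET, STD_ALPHABET)
TO_BCRYPT = str.maketrans(STD_ALPHABET, BCRYPT_ALPHABET)

# The full hash quoted in the post (password "password", cost 12).
SAMPLE = "$2a$12$nxPgtSc/mSl7GG29yif15eDEexpf8mRHscv6SS6p3RHheulQtSOFu"


def bcrypt_b64decode(text):
    """Decode an unpadded string in bcrypt's alphabet to raw bytes."""
    if any(ch not in BCRYPT_ALPHABET for ch in text):
        raise ValueError("character outside the bcrypt Base64 alphabet")
    std = text.translate(TO_STD)
    return base64.b64decode(std + "=" * (-len(std) % 4))


def bcrypt_b64encode(raw):
    """Encode raw bytes back into bcrypt's unpadded alphabet."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").translate(TO_BCRYPT)


def split_bcrypt(full_hash):
    """Split $<version>$<cost>$<22-char salt><31-char hash> into its parts."""
    parts = full_hash.split("$")
    if len(parts) != 4 or parts[0] != "" or len(parts[3]) != 53:
        raise ValueError("not a bcrypt modular-crypt string")
    salt = bcrypt_b64decode(parts[3][:22])    # 16 raw bytes
    digest = bcrypt_b64decode(parts[3][22:])  # 23 raw bytes
    return {
        "version": parts[1],
        "cost": int(parts[2]),
        "salt": salt,
        "hash": digest,
        # Same bytes re-encoded with the standard alphabet (assumed target form).
        "salt_std_b64": base64.b64encode(salt).decode("ascii"),
        "hash_std_b64": base64.b64encode(digest).decode("ascii"),
    }


if __name__ == "__main__":
    fields = split_bcrypt(SAMPLE)
    print("cost:", fields["cost"])
    print("salt (bcrypt alphabet):", SAMPLE[7:29])
    print("salt (standard Base64):", fields["salt_std_b64"])
    print("hash (standard Base64):", fields["hash_std_b64"])
```

Decoding the stored salt column with a standard Base64 decoder yields different bytes than jBCrypt used, so comparing the two printed forms against the database row shows which encoding was actually stored.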