4 Replies Latest reply on Mar 14, 2019 3:10 AM by mchoma

    Elytron Client with database identity store

    szymonk92

      I am trying to migrate an application with WildFly 11.0.0.Final to WildFly 15.0.1.Final. I cannot get through the Authentication, which is based on Database-identity-store. I have a few users in DB and among them, one is username: Admin, password: admin.

      When I request usernames from the DB, I use the WildFly user and password as shown below; however, when I try to do the same using a DB user, I am not able to get it. I believe my client configuration is not correct. To check whether my configuration is correct, I comment out the working example.

       

      Error:

      ....

      Suppressed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:

         JBOSS-LOCAL-USER: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication

         DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication

      at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)

      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:402)

      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

      at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

      at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

      at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

      at ...asynchronous invocation...(Unknown Source)

      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:571)

      at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:537)

      at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:82)

      at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:55)

      at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:488)

      at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:434)

      at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:52)

      at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.getConnectedIdentityUsingClusterEffective(RemotingEJBDiscoveryProvider.java:311)

      at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.lambda$connectAndDiscover$0(RemotingEJBDiscoveryProvider.java:384)

      at java.security.AccessController.doPrivileged(Native Method)

      at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.connectAndDiscover(RemotingEJBDiscoveryProvider.java:384)

      at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:151)

      at org.jboss.ejb.protocol.remote.RemoteEJBDiscoveryConfigurator.lambda$configure$0(RemoteEJBDiscoveryConfigurator.java:42)

      at org.wildfly.discovery.ConfiguredProvider.discover(ConfiguredProvider.java:45)

      at org.wildfly.discovery.Discovery.discover(Discovery.java:100)

      at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.discover(DiscoveryEJBClientInterceptor.java:242)

      at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.doAnyDiscovery(DiscoveryEJBClientInterceptor.java:371)

      at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.executeDiscovery(DiscoveryEJBClientInterceptor.java:305)

      at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:95)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:491)

      at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:491)

      at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:165)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:491)

      at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203)

      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:327)

      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:173)

      ... 27 more

      Suppressed: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication

      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:736)

      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:578)

      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

      at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

      at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

      at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

      Suppressed: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication

      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:736)

      at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:578)

      at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

      at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

      at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

      at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

       

       

       

      WildFly 15.0.1.Final configuration:

       

          ./subsystem=elytron/jdbc-realm=xp-realm:add(principal-query=[ \
          { data-source=XpDS, \
          sql="SELECT password FROM T_USER WHERE status IS TRUE AND username = ?", \
          clear-password-mapper={password-index=1}}, \
          {data-source=XpDS, \
          sql="SELECT r.name AS name, 'Roles' as roles from T_ROLE r INNER JOIN T_JOIN_UMUS_UMRO j ON j.roles = r.umro_id INNER JOIN T_USER u ON j.users = u.umus_id WHERE u.username = ?", \
          attribute-mapping=[{index=1, to=roles}]}])

          ./subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=roles)

          ./subsystem=elytron/security-domain=xp-domain:add( \
          realms=[{realm=xp-realm, role-decoder=from-roles-attribute}], \
          default-realm=xp-realm, \
          permission-mapper=default-permission-mapper)

          ./subsystem=elytron/http-authentication-factory=xp-db-http-auth:add(http-server-mechanism-factory=global, \
          security-domain=xp-domain,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=RealmUsersRoles}]}])

          ./subsystem=undertow/application-security-domain=xp-security:add(http-authentication-factory=xp-db-http-auth)

          ./subsystem=ejb3/application-security-domain=xp-domain:add(security-domain=xp-domain)

       

      Client:

       

      It works:

      <configuration name="default">
         <set-user-name name="ejbuser"/>
         <credentials>
         <clear-password password="password1!"/>
         </credentials>
      </configuration>

       

      It doesn't:
      <configuration name="xp_second">
         <sasl-mechanism-selector selector="#ALL"/>
         <set-mechanism-realm name="xp-realm" /> <!-- not sure if it should be as it is or security domain name? -->
         <set-user-name name="Admin"/>
         <credentials>
              <clear-password password="admin"/>
         </credentials>
      </configuration>

        • 1. Re: Elytron Client with database identity store
          mchoma

          So you are trying to call an EJB remotely. From the stack trace, the server is trying local authentication and digest. But you apparently want PLAIN, as that is how your password is stored in the DB.

          Look at [1], I guess you are missing sasl-authentication-factory in your http-remoting-connector

          [1] Getting started with EJBs and Elytron Part 1: Securing EJBs and invoking them from remote clients

          • 2. Re: Elytron Client with database identity store
            szymonk92

            Martin, thanks for your answer.

             

            I have updated my configuration a bit following the same tutorial that you posted, adding 2 more steps.

             

            ./subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory, value=application-sasl-authentication)

            ./subsystem=remoting/http-connector=http-remoting-connector:undefine-attribute(name=security-realm)

             

            But that uses the default SASL authentication defined in standalone.xml. A slightly modified version:

            <sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
                <mechanism-configuration>
                    <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                    <mechanism mechanism-name="DIGEST-MD5">
                        <mechanism-realm realm-name="ApplicationRealm"/>
                    </mechanism>
                    <mechanism mechanism-name="PLAIN"/>
                </mechanism-configuration>
            </sasl-authentication-factory>
            <sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
                <mechanism-configuration>
                    <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                    <mechanism mechanism-name="DIGEST-MD5">
                        <mechanism-realm realm-name="ManagementRealm"/>
                    </mechanism>
                </mechanism-configuration>
            </sasl-authentication-factory>

             

            I also updated my DB to store an MD5 hash for security reasons (I know it's not safe; I am just trying to make it work somehow, and later on I will change the algorithm).

             

            DB now:

            username    password                                        description
            Admin       admin                                           plain
            Admin1      21232f297a57a5a743894a0e4a801fc3                md-5
            Admin2      MjEyMzJmMjk3YTU3YTVhNzQzODk0YTBlNGE4MDFmYzM=    base64(md-5)

             

             

             

             

            Current Client wildfly-config.xml:

            <authentication-client xmlns="urn:elytron:1.0">
                <authentication-configurations>
                    <configuration name="default">
                        <set-user-name name="Admin"/> <!-- Where I change users depending on configuration -->
                        <credentials>
                            <clear-password password="admin"/>
                        </credentials>
                        <providers>
                            <use-service-loader/>
                        </providers>
                    </configuration>
                </authentication-configurations>
            </authentication-client>

            <jboss-ejb-client xmlns="urn:jboss:wildfly-client-ejb:3.0">
                <invocation-timeout seconds="100"/>
                <connections>
                    <connection uri="remote+http://localhost:8080"/>
                </connections>
            </jboss-ejb-client>

            <endpoint xmlns="urn:jboss-remoting:5.0">
                <connections>
                    <connection destination="remote+http://localhost:8080" read-timeout="50" write-timeout="50"
                                heartbeat-interval="10000"/>
                </connections>
            </endpoint>

            Error message, CLIENT:

            ...

            Suppressed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:

               JBOSS-LOCAL-USER: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication

               DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication

            at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)

            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:402)

            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)

            at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

            at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

            at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

            at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

            at ...asynchronous invocation...(Unknown Source)

            at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:571)

            at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:537)

            at org.jboss.remoting3.ConnectionInfo$None.getConnection(ConnectionInfo.java:82)

            at org.jboss.remoting3.ConnectionInfo.getConnection(ConnectionInfo.java:55)

            at org.jboss.remoting3.EndpointImpl.doGetConnection(EndpointImpl.java:488)

            at org.jboss.remoting3.EndpointImpl.getConnectedIdentity(EndpointImpl.java:434)

            at org.jboss.remoting3.UncloseableEndpoint.getConnectedIdentity(UncloseableEndpoint.java:52)

            at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.getConnectedIdentityUsingClusterEffective(RemotingEJBDiscoveryProvider.java:311)

            at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.lambda$connectAndDiscover$0(RemotingEJBDiscoveryProvider.java:384)

            at java.security.AccessController.doPrivileged(Native Method)

            at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider$DiscoveryAttempt.connectAndDiscover(RemotingEJBDiscoveryProvider.java:384)

            at org.jboss.ejb.protocol.remote.RemotingEJBDiscoveryProvider.discover(RemotingEJBDiscoveryProvider.java:151)

            at org.jboss.ejb.protocol.remote.RemoteEJBDiscoveryConfigurator.lambda$configure$0(RemoteEJBDiscoveryConfigurator.java:42)

            at org.wildfly.discovery.ConfiguredProvider.discover(ConfiguredProvider.java:45)

            at org.wildfly.discovery.Discovery.discover(Discovery.java:100)

            at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.discover(DiscoveryEJBClientInterceptor.java:242)

            at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.doAnyDiscovery(DiscoveryEJBClientInterceptor.java:371)

            at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.executeDiscovery(DiscoveryEJBClientInterceptor.java:305)

            at org.jboss.ejb.client.DiscoveryEJBClientInterceptor.handleInvocation(DiscoveryEJBClientInterceptor.java:95)

            at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:491)

            at org.jboss.ejb.client.NamingEJBClientInterceptor.handleInvocation(NamingEJBClientInterceptor.java:64)

            at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:491)

            at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:165)

            at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:491)

            at org.wildfly.common.context.Contextual.runExConsumer(Contextual.java:203)

            at org.jboss.ejb.client.EJBClientInvocationContext.sendRequestInitial(EJBClientInvocationContext.java:327)

            at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:173)

            ... 27 more

            Suppressed: javax.security.sasl.SaslException: JBOSS-LOCAL-USER: Server rejected authentication

            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:736)

            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:578)

            at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

            at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

            at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

            at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

            Suppressed: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication

            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:736)

            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:578)

            at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)

            at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)

            at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)

            at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)

            Error message, server:

            (...)

            2019-01-17 10:15:56,241 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05014: Authentication mechanism authorization failed: "Admin1" running as "Admin1"

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.localuser.LocalUserServer.evaluateMessage(LocalUserServer.java:256)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:199)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AbstractSaslServer.evaluateResponse(AbstractSaslServer.java:68)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)

            at org.jboss.xnio@3.6.5.Final//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)

            at org.jboss.xnio@3.6.5.Final//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)

            at org.jboss.remoting@5.0.8.Final//org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)

            at org.jboss.remoting@5.0.8.Final//org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:949)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)

            at java.base/java.lang.Thread.run(Thread.java:834)

            (...)

            2019-01-17 10:15:56,298 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05051: Callback handler does not support credential acquisition [Caused by org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.auth.callback.PasswordCallback@15063db4]

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.mechanism.digest.PasswordDigestObtainer.getSaltedPasswordFromPasswordCallback(PasswordDigestObtainer.java:295)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.mechanism.digest.PasswordDigestObtainer.handleUserRealmPasswordCallbacks(PasswordDigestObtainer.java:112)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.digest.AbstractDigestMechanism.handleUserRealmPasswordCallbacks(AbstractDigestMechanism.java:195)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:264)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:363)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:199)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:336)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)

            at org.jboss.xnio@3.6.5.Final//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)

            at org.jboss.xnio@3.6.5.Final//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)

            at org.jboss.remoting@5.0.8.Final//org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)

            at org.jboss.remoting@5.0.8.Final//org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:949)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)

            at java.base/java.lang.Thread.run(Thread.java:834)

            Caused by: org.wildfly.security.auth.callback.FastUnsupportedCallbackException: javax.security.auth.callback.PasswordCallback@15063db4

            (...)

            2019-01-17 10:15:56,308 TRACE [org.jboss.remoting.remote.server] (default task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05013: Authentication mechanism password not verified

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:127)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)

            at org.wildfly.security.elytron-private@1.7.0.Final//org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)

            at org.jboss.xnio@3.6.5.Final//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)

            at org.jboss.xnio@3.6.5.Final//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)

            at org.jboss.remoting@5.0.8.Final//org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)

            at org.jboss.remoting@5.0.8.Final//org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:949)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)

            at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)

            at java.base/java.lang.Thread.run(Thread.java:834)

            • 3. Re: Elytron Client with database identity store
              mchoma

              If you want to make it work, start with a clear password; then you can switch to the hashed form. You have to have clear-password-mapper in the jdbc-realm and the PLAIN mechanism first in the SASL authentication factory.
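
The point of reply 3, as an added example that is not part of the original posts and is not Elytron's code: a simplified Python model of how PLAIN and DIGEST-MD5 verification behave when the password column is handed to the mechanism as a clear password, run over the three rows from reply 2. The realm name used in the digest and the challenge values are constructed assumptions.

```python
import base64
import hashlib
import hmac

# Rows exactly as posted in reply 2 (username -> stored password column).
ROWS = {
    "Admin": "admin",
    "Admin1": "21232f297a57a5a743894a0e4a801fc3",
    "Admin2": "MjEyMzJmMjk3YTU3YTVhNzQzODk0YTBlNGE4MDFmYzM=",
}
PASSWORD = "admin"  # what the client's <clear-password> sends for every user

# Constructed DIGEST-MD5 exchange values (assumptions, not from the thread).
REALM = "xp-realm"
CHALLENGE = {"nonce": b"c2VydmVyLW5vbmNl", "cnonce": b"Y2xpZW50LW5vbmNl",
             "nc": b"00000001", "digest_uri": b"remote/localhost"}


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def stored_form(stored: str, password: str) -> str:
    """Name the transformation of `password` that yields the stored column."""
    raw = md5(password.encode())
    candidates = {
        "clear": password,
        "hex(md5)": raw.hex(),
        "base64(md5 bytes)": base64.b64encode(raw).decode(),
        "base64(hex(md5) text)": base64.b64encode(raw.hex().encode()).decode(),
    }
    return next((n for n, v in candidates.items() if v == stored), "unknown")


def plain_ok(stored: str, submitted: str) -> bool:
    """PLAIN with a clear-password mapper: the column IS the password."""
    return hmac.compare_digest(stored.encode(), submitted.encode())


def digest_response(user, realm, password, nonce, cnonce, nc, digest_uri) -> str:
    """RFC 2831 response value for qop=auth, no authzid."""
    secret = md5(f"{user}:{realm}:{password}".encode())
    ha1 = md5(secret + b":" + nonce + b":" + cnonce).hex().encode()
    ha2 = md5(b"AUTHENTICATE:" + digest_uri).hex().encode()
    return md5(b":".join([ha1, nonce, nc, cnonce, b"auth", ha2])).hex()


def digest_ok(user: str, stored: str, submitted: str) -> bool:
    """DIGEST-MD5 with a clear-password mapper: the server derives its expected
    response from the column, the client derives its own from the real password."""
    client = digest_response(user, REALM, submitted, **CHALLENGE)
    server = digest_response(user, REALM, stored, **CHALLENGE)
    return hmac.compare_digest(client, server)


def compatibility() -> dict:
    """Per-user result: how the column is encoded and which mechanisms verify."""
    return {
        user: {
            "stored_as": stored_form(stored, PASSWORD),
            "PLAIN": plain_ok(stored, PASSWORD),
            "DIGEST-MD5": digest_ok(user, stored, PASSWORD),
        }
        for user, stored in ROWS.items()
    }


if __name__ == "__main__":
    for user, result in compatibility().items():
        print(user, result)
```

Only the Admin row verifies under either mechanism, because a hashed column is compared as if it were the password itself. The model also shows that the Admin2 value is the Base64 of the hex text rather than of the 16 digest bytes.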

              • 4. Re: Elytron Client with database identity store
                mchoma

                I am missing here the client-side configuration of the DIGEST-MD5 SASL mechanism.

                Look here for documentation example [1]

                And here for another forum thread example [2]

                 

                [1] Client Authentication with Elytron Client - Latest WildFly Documentation - Project Documentation Editor

                [2] Elytron + JDBCRealm + SHA-256 cannot connect to EJB