Authentication fails with UsersRoles Login Module and hashed password.
kiranmohan Aug 24, 2016 2:06 PM
Hi,
I am configuring a security domain in WildFly 10. While connecting to an EJB from a remote client, I get the error below.
It seems to happen only if the password is hashed in the user properties file.
WARN: Could not register a EJB receiver for connection to localhost:8080 javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed: PLAIN: Server rejected authentication
Is this a bug?
If not, how do I fix this?
Below is the configuration for the security domain:
<security-domain name="ejb-ssl-domain" cache-type="default">
    <authentication>
        <login-module name="ejb-ssl-user-roles" code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/ejb-ssl-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/ejb-ssl-roles.properties"/>
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
            <module-option name="hashUserPassword" value="true"/>
        </login-module>
    </authentication>
</security-domain>
I have added a user to ${jboss.server.config.dir}/ejb-ssl-users.properties
using the $WILDFLY_HOME/bin/add-user.sh utility script.
So the password in the user properties file is hashed.
Below is the jboss-ejb-client.properties file:
endpoint.name=client-endpoint
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port=8080
remote.connection.default.username=ejbUserOne
remote.connection.default.password=ejbPasswordOne
remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS=false
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
jndi.properties
# using techniques mentioned in "https://docs.jboss.org/author/display/WFLY8/EJB+invocations+from+a+remote+client+using+JNDI"
java.naming.factory.url.pkgs=org.jboss.ejb.client.naming
#
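
Added example, not part of the original post: a check of which format each entry in a users properties file is stored in, compared with the digest that the `hashAlgorithm`/`hashEncoding` options in the configuration above describe. It assumes the HEX(MD5(username:realm:password)) format that add-user.sh documents in the files it writes, the default realm name `ApplicationRealm`, and UTF-8 as the charset; the function names, the second user and the sample file are constructed for illustration.

```python
import base64
import hashlib

def module_format(password, algorithm="SHA-256", encoding="base64"):
    """Digest of the bare password, encoded as the hashAlgorithm and
    hashEncoding module options describe (UTF-8 charset assumed)."""
    digest = hashlib.new(algorithm.replace("-", "").lower(),
                         password.encode("utf-8")).digest()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()
    raise ValueError("unsupported hashEncoding: " + encoding)

def add_user_format(username, realm, password):
    """HEX(MD5(username ':' realm ':' password)), as written by add-user.sh."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).hexdigest()

def classify(stored, username, realm, password):
    """Name the format a stored properties value is in for this user."""
    if stored == module_format(password):
        return "module-options"
    if stored == add_user_format(username, realm, password):
        return "add-user"
    if stored == password:
        return "plaintext"
    return "unknown"

def audit(properties_text, known_passwords, realm="ApplicationRealm"):
    """Classify every user=value entry of a users properties file."""
    results = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: base64 values end in '=' padding.
        user, stored = line.split("=", 1)
        results[user] = classify(stored, user, realm, known_passwords.get(user, ""))
    return results

# Constructed sample: one entry per format (ejbUserTwo is hypothetical).
PASSWORDS = {"ejbUserOne": "ejbPasswordOne", "ejbUserTwo": "ejbPasswordTwo"}
SAMPLE = "\n".join([
    "# constructed ejb-ssl-users.properties",
    "ejbUserOne=" + add_user_format("ejbUserOne", "ApplicationRealm", "ejbPasswordOne"),
    "ejbUserTwo=" + module_format("ejbPasswordTwo"),
])

if __name__ == "__main__":
    for user, fmt in audit(SAMPLE, PASSWORDS).items():
        print(user, "->", fmt)
```

An entry classified `add-user` is 32 hex characters, while the SHA-256/base64 digest is 44 characters, so the two can never compare equal.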