Cannot log in to `jboss-cli` or JBoss EAP Admin Console when management interfaces are secured with LDAPs and Java Security Manager is enabled

Solution Unverified - Updated -

Issue

  • Cannot log in to jboss-cli or JBoss EAP Admin Console when management interfaces are secured with LDAPs and Java Security Manager is enabled.
  • The following error occurs:

    TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05012: Authentication mechanism server-side authentication failed [Caused by org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context]
        at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:121)
        at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
        at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
        at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
        at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
        at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
        at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)
        ...
    Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context
        at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.obtainContext(LdapSecurityRealm.java:215)
        at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.access$600(LdapSecurityRealm.java:102)
        at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:591)
        at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977)
        at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759)
        at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992)
        ...
        ... 12 more
    Caused by: javax.naming.CommunicationException:myldap.mydomain:636 [Root exception is java.lang.ClassNotFoundException: org/wildfly/security/auth/realm/ldap/ThreadLocalSSLSocketFactory]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
        at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
        ....
        ... 22 more
    Caused by: java.lang.ClassNotFoundException: org/wildfly/security/auth/realm/ldap/ThreadLocalSSLSocketFactory
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:348)
        at com.sun.jndi.ldap.VersionHelper12.loadClass(VersionHelper12.java:72)
        at com.sun.jndi.ldap.Connection.createSocket(Connection.java:293)
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:215)
        ... 44 more
    

Environment

  • Red Hat JBoss Enterprise Application Platform (JBoss EAP)
    • 7.1
    • 7.2.2
  • Java Security Manager
  • LDAPs
