Cannot login to `jboss-cli` or JBoss EAP Admin Console when management interfaces are secured with LDAPs and Java Security Manager is enabled
Issue
- Cannot login to
jboss-cli
or JBoss EAP Admin Console when management interfaces are secured with LDAPs and Java Security Manager is enabled. -
The following error is occurs:
TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05012: Authentication mechanism server-side authentication failed [Caused by org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context] at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:121) at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58) at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106) at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59) at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245) at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217) at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486) ... Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.obtainContext(LdapSecurityRealm.java:215) at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.access$600(LdapSecurityRealm.java:102) at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:591) at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977) at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759) at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992) ... ... 12 more Caused by: javax.naming.CommunicationException:myldap.mydomain:636 [Root exception is java.lang.ClassNotFoundException: org/wildfly/security/auth/realm/ldap/ThreadLocalSSLSocketFactory] at com.sun.jndi.ldap.Connection.(Connection.java:238) at com.sun.jndi.ldap.LdapClient.(LdapClient.java:137) at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:319) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116) .... ... 22 more Caused by: java.lang.ClassNotFoundException: org/wildfly/security/auth/realm/ldap/ThreadLocalSSLSocketFactory at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:348) at com.sun.jndi.ldap.VersionHelper12.loadClass(VersionHelper12.java:72) at com.sun.jndi.ldap.Connection.createSocket(Connection.java:293) at com.sun.jndi.ldap.Connection.(Connection.java:215) ... 44 more
Environment
- Red Hat JBoss Enterprise Application Platform (JBoss EAP)
- 7.1
- 7.2.2
- Java Security Manager
- LDAPs
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.