Unable to remote connect to JMX Console

Solution Verified - Updated -

Issue

  • We are trying to connect to the JMX port from JMC for monitoring purposes. The remote+https port is secured using Elytron, which connects to LDAP. We are getting the following error when connecting to the port from the client:

    [org.jboss.remoting.remote.server] (default task-2) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05012: Authentication mechanism server-side authentication failed [Caused by org.wildfly.security.auth.server.RealmUnavailableException: ELY01153: Direct LDAP verification failed with DN [uid=userId,ou=People,dc=example,dc=com] and absolute DN [null]]
    at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:121)
    at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
    at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
    at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
    at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
    at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
    at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486)
    ...
    at java.lang.Thread.run(Thread.java:748)
    Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01153: Direct LDAP verification failed with DN [uid=userId,ou=People,dc=example,dc=com] and absolute DN [null]
    at org.wildfly.security.auth.realm.ldap.DirectEvidenceVerifier$1.verifyEvidence(DirectEvidenceVerifier.java:104)
    at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:609)
    at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:1977)
    at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:759)
    at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:992)
    ...
    at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:117)
    ... 12 more
    Caused by: javax.naming.CommunicationException: ldap.example.com:636 [Root exception is java.lang.ClassNotFoundException: org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory from [Module "org.wildfly.extension.io" version 6.0.11.Final-redhat-00001 from local module loader @7f560810 (finder: local module finder @69d9c55 (roots: /opt/appserver/EAP/jboss-eap-7.2/modules,/opt/appserver/EAP/jboss-eap-7.2/modules/system/layers/base))]]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
    at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2699)
    ...
    ... 21 more
    Caused by: java.lang.ClassNotFoundException: org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory from [Module "org.wildfly.extension.io" version 6.0.11.Final-redhat-00001 from local module loader @7f560810 (finder: local module finder @69d9c55 (roots: /opt/appserver/EAP/jboss-eap-7.2/modules,/opt/appserver/EAP/jboss-eap-7.2/modules/system/layers/base))]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:255)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:410)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:398)
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:116)
    at java.lang.Class.forName0(Native Method)
    ...
    ... 29 more
    
  • LDAPS referrals not working with an Elytron LDAP realm

Environment

  • Red Hat JBoss Enterprise Application Platform (JBoss EAP)
    • 7.2.0
