JBoss EAP Legacy Security: SaslException: DIGEST-MD5: Server rejected authentication

Solution Verified - Updated -

Issue

  • Unable to start server
  • Slave host-controller.log has exception

    11:05:34,578 WARN  [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://server:9999: java.lang.IllegalStateException: WFLYHC0043: Unable to connect due to authentication failure.
        at org.jboss.as.host.controller.RemoteDomainConnectionService.rethrowIrrecoverableConnectionFailures(RemoteDomainConnectionService.java:674)
        at org.jboss.as.host.controller.RemoteDomainConnectionService.register(RemoteDomainConnectionService.java:293)
        at org.jboss.as.host.controller.DomainModelControllerService.connectToDomainMaster(DomainModelControllerService.java:940)
        ...
    Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
    DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication
        at org.jboss.remoting3.remote.ClientConnectionOpenListener.allMechanismsFailed(ClientConnectionOpenListener.java:109)
        at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:446)
        ...
        Suppressed: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication
            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:736)
            at org.jboss.remoting3.remote.ClientConnectionOpenListener$Authentication.handleEvent(ClientConnectionOpenListener.java:578)
            at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
            at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
            at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
            at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
    

Environment

  • Red Hat JBoss Enterprise Application Platform (JBoss EAP) 6, 7
  • Managed Domain Mode
  • Legacy Security
  • Domain controller secured with server secret
  • Slave host controller host.xml:

    <domain-controller>
        <remote protocol="remote" host="server" port="9999" security-realm="ManagementRealm" username="jboss"/>
    </domain-controller>
    
  • Domain Controller host.xml has default ManagementRealm configuration

  • Domain Controller management interface has

        <management-interfaces>
            <native-interface security-realm="ManagementRealm">
                <socket interface="management" port="${jboss.management.native.port:9999}"/>
            </native-interface>
            ...
        </management-interfaces>
    

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In