Need help figuring out The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, FORM] from the HttpAuthenticationFactory.
75 views
Skip to first unread message
matt e (aldiyen)
May 28, 2024, 7:24:09 AM5/28/24
to WildFly
Hello,
I'm in the process of trying to migrate from a legacy security realm configuration within the <management> part of the config to using the Elytron subsystem for security realms etc. I'm using Wildfly 20.0.1 and this is part of a process of modernizing my configuration ahead of an upgrade to a more recent version.
After moving to using the Elytron security realm, security domain, etc. I'm getting this error when trying to deploy every one of my WARs:
2024-05-22 14:32:04,355 [ServerService Thread Pool -- 88] ERROR org.jboss.msc.service.fail - MSC000001: Failed to start service jboss.deployment.unit."paytronix.server.webapp.legacy-web-24.21-develop-SNAPSHOT.war".undertow-deployment: org.jboss.msc.service.StartException in service jboss.deployment.unit."paytronix.server.webapp.legacy-web-24.21-develop-SNAPSHOT.war".undertow-deployment: java.lang.RuntimeException: java.lang.IllegalStateException: The required mechanism 'SSO' is not available in mechanisms [BASIC, CLIENT_CERT, FORM] from the HttpAuthenticationFactory.
This never happened with the old legacy config, and I've been trying different things for a couple of days trying to get it to work, but I'm at a loss regarding how to get this to work. The Wildfly documentation on SSO only deals with multi-application instance / distributed SSO, from what I have found, which I do not need, and even when I configure my application to support distributed SSO I still get the above error. I looked at the source code for Wildfly / Wildfly Elytron / Undertow a fair bit but it's all highly indirected and I've not been able to figure out what's actually supposed to enable support for this.
My undertow subsystem configuration looks like this:
<subsystem xmlns="urn:jboss:domain:undertow:11.0">
<buffer-cache name="default"/>
<application-security-domains>
<application-security-domain name="merchant-web" security-domain="merchant-web">
</application-security-domain>
</application-security-domains>
<server name="default-server">
<http-listener name="http" tcp-keep-alive="true" read-timeout="60000" write-timeout="60000" socket-binding="http" max-post-size="10485760" max-parameters="1000" record-request-start-time="true" no-request-timeout="60000" request-parse-timeout="2000" redirect-socket="https-443" enable-http2="true"/>
<https-listener name="https" tcp-keep-alive="true" read-timeout="3600000" write-timeout="3600000" socket-binding="https" max-post-size="209715200" max-parameters="5000" record-request-start-time="true" no-request-timeout="60000" request-parse-timeout="2000" ssl-context="webserverSSC" enable-http2="true"/>
<host name="default-host" alias="localhost">
<access-log pattern="%h,%{i,PX-LB-Connecting-IP},%{i,CF-Connecting-IP} %{i,CF-Ray} %l %u %t %{i,Host} "%r" %s %b "%{i,Referer}" "%{i,User-Agent}" %D %S %{c,SESSIONIDSSO}" prefix="localhost_access_log."/>
<single-sign-on path="/" http-only="true" secure="true" cookie-name="SESSIONIDSSO"/>
</host>
</server>
<servlet-container name="default" eager-filter-initialization="true">
<jsp-config/>
<session-cookie name="SESSIONID" http-only="true" secure="true"/>
<websockets/>
</servlet-container>
</subsystem>
<buffer-cache name="default"/>
<application-security-domains>
<application-security-domain name="merchant-web" security-domain="merchant-web">
</application-security-domain>
</application-security-domains>
<server name="default-server">
<http-listener name="http" tcp-keep-alive="true" read-timeout="60000" write-timeout="60000" socket-binding="http" max-post-size="10485760" max-parameters="1000" record-request-start-time="true" no-request-timeout="60000" request-parse-timeout="2000" redirect-socket="https-443" enable-http2="true"/>
<https-listener name="https" tcp-keep-alive="true" read-timeout="3600000" write-timeout="3600000" socket-binding="https" max-post-size="209715200" max-parameters="5000" record-request-start-time="true" no-request-timeout="60000" request-parse-timeout="2000" ssl-context="webserverSSC" enable-http2="true"/>
<host name="default-host" alias="localhost">
<access-log pattern="%h,%{i,PX-LB-Connecting-IP},%{i,CF-Connecting-IP} %{i,CF-Ray} %l %u %t %{i,Host} "%r" %s %b "%{i,Referer}" "%{i,User-Agent}" %D %S %{c,SESSIONIDSSO}" prefix="localhost_access_log."/>
<single-sign-on path="/" http-only="true" secure="true" cookie-name="SESSIONIDSSO"/>
</host>
</server>
<servlet-container name="default" eager-filter-initialization="true">
<jsp-config/>
<session-cookie name="SESSIONID" http-only="true" secure="true"/>
<websockets/>
</servlet-container>
</subsystem>
Any help in figuring this out would be greatly appreciated!
Thanks much!
-Matt
p.s. I though I just submitted a very similar post but now I can't find any record of is, so my apologies if this appeal for help appears twice.
Bartosz Baranowski
May 31, 2024, 8:33:00 AM5/31/24
to WildFly
single-sign-on should be specified at domain level:
https://stackoverflow.com/questions/71622705/how-to-fix-the-required-mechanism-sso-is-not-available-in-mechanisms-basic
https://docs.wildfly.org/28/WildFly_Elytron_Security.html#enable-single-sign-on
https://stackoverflow.com/questions/71622705/how-to-fix-the-required-mechanism-sso-is-not-available-in-mechanisms-basic
https://docs.wildfly.org/28/WildFly_Elytron_Security.html#enable-single-sign-on
Reply all
Reply to author
Forward
0 new messages