SASL Anonymous mechanism


Szymon Klepacz

Feb 9, 2021, 9:00:17 AM
to WildFly
Hi,
How can I configure the ANONYMOUS authentication mechanism for WildFly 22? Server and client are on different machines.

I have a special case: before logging in, the user can choose their username from a drop-down (do not ask me why :)). In order to do that I would have to either use the ANONYMOUS mechanism or create a dummy user. The second option is not an option, since I cannot create an additional user in LDAP.

Client code:
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;

private static Context createContext(String server, String port)
        throws NamingException {

    // Elytron client configuration: offer the ANONYMOUS mechanism for every destination
    AuthenticationContext authCtx = AuthenticationContext.empty()
            .with(MatchRule.ALL, AuthenticationConfiguration.empty().useAnonymous());
    AuthenticationContext.getContextManager().setThreadDefault(authCtx);
    AuthenticationContext.getContextManager().setGlobalDefault(authCtx);

    // WildFly naming client over remote+http; the SASL negotiation happens on this connection
    final Properties props = new Properties();
    props.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
    props.put(Context.PROVIDER_URL, "remote+http://" + server + ":" + port);
    return new InitialContext(props);
}


On the server, running server and client on the same machine with {mechanism-name=JBOSS-LOCAL-USER, realm-mapper=local} there is no problem! However, after moving the client to the other server I get:

Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (SCRAM-SHA-256) are supported

SASL authentication factory:
<sasl-authentication-factory name="xd-sasl-authentication-factory" sasl-server-factory="configured" security-domain="xdSD">
    <mechanism-configuration>
        <mechanism mechanism-name="SCRAM-SHA-256">
            <mechanism-realm realm-name="xdDbRealm"/>
        </mechanism>
    </mechanism-configuration>
</sasl-authentication-factory>

I tried to add <mechanism mechanism-name="ANONYMOUS" /> but with no luck.


I tried to modify the permission mappers:
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
    <permission-mapping>
        <principal name="anonymous"/>
        <permission-set name="default-permissions"/>
        <permission-set name="login-permission"/>
    </permission-mapping>
    <permission-mapping match-all="true">
        <permission-set name="login-permission"/>
        <permission-set name="default-permissions"/>
    </permission-mapping>
</simple-permission-mapper>


And now I have no idea how to solve this problem. Help much appreciated.


Farah Juma

Feb 10, 2021, 5:29:11 PM
to WildFly
The configuration for adding the ANONYMOUS mechanism and the permission mapper update look correct. It might be worth checking your configuration to make sure your "xd-sasl-authentication-factory" is actually getting used and that your "xdSD" security domain references the "default-permission-mapper".

Szymon Klepacz

Feb 15, 2021, 3:32:29 AM
to WildFly
Thanks Farah for the confirmation. It works; I just had to edit my 'custom-principal-transformer'.

For anyone struggling with the ANONYMOUS mechanism, check these jboss-cli commands:

./subsystem=elytron/sasl-authentication-factory=xd-sasl-auth-factory:add( \
    sasl-server-factory=configured, \
    security-domain=yourSecurityDomain, \
    mechanism-configurations=[ \
        { mechanism-name=ANONYMOUS} ])

./subsystem=elytron/simple-permission-mapper=default-permission-mapper:list-add( \
    name=permission-mappings[0].permission-sets, \
    index=1, \
    value={permission-set="login-permission"} )
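
The following jboss-cli script is an added example and is not part of the thread. It pulls together the two checks Farah suggested (is the SASL factory actually wired to a connector, and does the security domain reference the permission mapper) with the commands Szymon posted, so that the whole server side of the ANONYMOUS setup is in one place. It assumes a WildFly 22 standalone configuration with the stock "configured" SASL server factory and the stock "http-remoting-connector", and that the security domain xdSD, the realm xdDbRealm and the default-permission-mapper from the thread already exist; the name xd-sasl-authentication-factory is also taken from the thread. It does not touch the custom-principal-transformer Szymon mentions, because its definition is not shown in the thread.

```jboss-cli
# Added example, not from the thread. Assumes: WildFly 22 standalone,
# stock "configured" SASL server factory, stock "http-remoting-connector",
# existing security domain xdSD, realm xdDbRealm and default-permission-mapper.

batch

# 1. SASL factory offering SCRAM-SHA-256 (password users from xdDbRealm) plus ANONYMOUS.
#    This is what makes the server advertise ANONYMOUS in the mechanism list the
#    client complained about ("none of the mechanisms presented by the server ...").
/subsystem=elytron/sasl-authentication-factory=xd-sasl-authentication-factory:add( \
    sasl-server-factory=configured, \
    security-domain=xdSD, \
    mechanism-configurations=[ \
        { mechanism-name=SCRAM-SHA-256, \
          mechanism-realm-configurations=[ { realm-name=xdDbRealm } ] }, \
        { mechanism-name=ANONYMOUS } ])

# 2. Wire the factory to the remoting connector the naming client connects to.
#    A factory that no connector references is never offered, whatever it contains.
/subsystem=remoting/http-connector=http-remoting-connector:write-attribute( \
    name=sasl-authentication-factory, value=xd-sasl-authentication-factory)

# 3. The security domain must evaluate the permission mapper that grants LoginPermission.
/subsystem=elytron/security-domain=xdSD:write-attribute( \
    name=permission-mapper, value=default-permission-mapper)

# 4. In the stock default-permission-mapper, mapping 0 is the "anonymous" principal and
#    carries only default-permissions (assumption: the mapper has not been reordered).
#    Without login-permission the SASL exchange succeeds but authorization then fails.
/subsystem=elytron/simple-permission-mapper=default-permission-mapper:list-add( \
    name=permission-mappings[0].permission-sets, index=1, \
    value={permission-set=login-permission})

run-batch
reload

# Verification: the two things worth checking when ANONYMOUS "does not work".
/subsystem=remoting/http-connector=http-remoting-connector:read-attribute(name=sasl-authentication-factory)
/subsystem=elytron/security-domain=xdSD:read-attribute(name=permission-mapper)
/subsystem=elytron/sasl-authentication-factory=xd-sasl-authentication-factory:read-attribute(name=mechanism-configurations)
/subsystem=elytron/simple-permission-mapper=default-permission-mapper:read-attribute(name=permission-mappings)
```

Two caveats before copying this into a production profile. Granting login-permission to the "anonymous" principal means anyone who can reach the remoting port obtains an authenticated identity named anonymous, so keep this factory off the management interface and any HTTP authentication factory, and make sure role mapping in xdSD gives that identity nothing beyond what the pre-login username drop-down needs. And because the mapper uses mapping-mode="first", the anonymous mapping must stay before the match-all one; if the mappings were ever reordered, the permission-mappings[0] index in step 4 would edit the wrong entry, which is why the last read-attribute is there.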

