Sandor Molnar created KNOX-2881:
-----------------------------------

             Summary: KnoxCLI doesn’t handle ALIAS in (system)-user-auth-test
                 Key: KNOX-2881
                 URL: https://issues.apache.org/jira/browse/KNOX-2881
             Project: Apache Knox
          Issue Type: Improvement
          Components: KnoxCLI
    Affects Versions: 1.6.0, 1.5.0, 1.4.0, 1.3.0, 1.2.0, 2.0.0, 1.6.1
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.1.0


When the topology has:
{noformat}
  <param>
    <name>main.ldapRealm.contextFactory.systemPassword</name>
    <value>${ALIAS=knoxldapsystempassword}</value>
  </param>
{noformat}
The validations fail as:
{noformat}
# /bin/knoxcli.sh system-user-auth-test --cluster ldapUsecase1Topo2
org.apache.shiro.authc.AuthenticationException: LDAP authentication failed.
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839]
For more information use --d for debug output.
Unable to successfully bind to LDAP server with topology credentials. Are your parameters correct?

# bin/knoxcli.sh user-auth-test --cluster ldapUsecase1Topo2 --u user1 --p Test123
org.apache.shiro.config.ConfigurationException: Unable to set property 'contextFactory.systemPassword' with value [S{ALIAS=knoxldapsystempassword}] on object of type org.apache.knox.gateway.shirorealm.KnoxLdapRealm.  If 'S{ALIAS=knoxldapsystempassword}' is a reference to another (previously defined) object, prefix it with '$' to indicate that the referenced object should be used as the actual value.  For example, $S{ALIAS=knoxldapsystempassword}
org.apache.knox.gateway.util.KnoxCLI$LDAPCommand$BadSubjectException: Subject could not be created with Shiro Config at sections=main,urls
For more information use --d for debug output.
ERR: Unable to authenticate user: user1
{noformat}
Note: we checked that the keystore has the right password value set:
{noformat}
# ${JAVA} GetValueFromJCEKS ${JCEKSFILE} ${JCEKSPASS} ${PW_ALIAS}
Test123
{noformat}
 
When the topology is configured with a plain password like:
{noformat}
  <param>
    <name>main.ldapRealm.contextFactory.systemPassword</name>
    <value>Test123</value>
  </param>
{noformat}
The validations run with no errors:
{noformat}
# bin/knoxcli.sh system-user-auth-test --cluster ldapUsecase1Topo3
System LDAP Bind successful.

# bin/knoxcli.sh user-auth-test --cluster ldapUsecase1Topo3 --u user1 --p Test123
LDAP authentication successful!
{noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
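
The report contrasts a systemPassword given as an ${ALIAS=...} reference with one given in plaintext. As an added example (not part of the original message and not Knox code), the following check reports which form each password parameter in a topology uses, so a topology left with a plaintext password after CLI testing can be caught. The function name, the "ends in password" rule, the systemUsername value and the sample topologies are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Alias reference form shown in the report: ${ALIAS=<name>}
ALIAS_RE = re.compile(r"^\$\{ALIAS=([^}]+)\}$")
# Assumption: parameters whose name ends in "password" hold secrets.
SECRET_SUFFIXES = ("password",)

def classify_secret_params(topology_xml):
    """Return (param name, kind, alias name) for each secret-bearing <param>.

    kind is "alias", "plaintext" or "empty"; alias name is None unless kind is "alias".
    """
    findings = []
    for param in ET.fromstring(topology_xml).iter("param"):
        name = (param.findtext("name") or "").strip()
        value = (param.findtext("value") or "").strip()
        if not name.lower().endswith(SECRET_SUFFIXES):
            continue
        match = ALIAS_RE.match(value)
        if match:
            findings.append((name, "alias", match.group(1)))
        elif value:
            findings.append((name, "plaintext", None))
        else:
            findings.append((name, "empty", None))
    return findings

# Constructed sample topologies mirroring the two fragments in the report.
TOPO_WITH_ALIAS = """<topology><gateway><provider>
  <param>
    <name>main.ldapRealm.contextFactory.systemUsername</name>
    <value>uid=system,ou=people,dc=example,dc=org</value>
  </param>
  <param>
    <name>main.ldapRealm.contextFactory.systemPassword</name>
    <value>${ALIAS=knoxldapsystempassword}</value>
  </param>
</provider></gateway></topology>"""

TOPO_WITH_PLAINTEXT = TOPO_WITH_ALIAS.replace("${ALIAS=knoxldapsystempassword}", "Test123")

if __name__ == "__main__":
    for label, xml_text in (("alias", TOPO_WITH_ALIAS), ("plaintext", TOPO_WITH_PLAINTEXT)):
        for name, kind, alias in classify_secret_params(xml_text):
            print(f"{label}: {name} -> {kind}" + (f" ({alias})" if alias else ""))
```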
