Remote calls for EJB with authentication are not working for some users in EAP6 and EAP7.0

Solution Verified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x
    • 7.0.x

Issue

  • Authentication for an EJB remote call does not work if the credentials use an extremely long password
  • Remote EJB calls authenticated by Kerberos do not work for all users. They work fine for most users, but when a user is in many AD groups, the Kerberos ticket gets large and the authentication fails.
  • Authentication fails for huge SASL requests
  • Changing org.jboss.remoting3.RemotingOptions.*_BUFFER_SIZE does not help to authenticate users with large credentials

Resolution

The fix is available for EAP 6.4; please update to 6.4.17 for this fix (BZ 1415963).

For EAP 7 the issue is tracked by JBEAP-8476.

Root Cause

Changing REMOTE_BUFFER is not really useful. Normally the buffer size doesn't matter; it only controls how often the user's stream is flushed to the socket. Changing it is therefore not necessary, and the options will go away.
Authentication is different: here the buffer holds an entire message inside of the request, so if the authentication message is really big (a SASL request or Kerberos message) there is a message overflow.

Diagnostic Steps

Check the server log files for messages similar to the following:

TRACE [org.jboss.remoting.remote.connection handleEvent] (Remoting "gravity" read-1) Connection error detail: java.io.IOException: Received an invalid message length of 11857
        at org.xnio.channels.FramedMessageChannel.receive(FramedMessageChannel.java:106) [xnio-api-3.0.15.GA-redhat-1.jar:3.0.15.GA-redhat-1]
        at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:229) [jboss-remoting-3.3.6.Final-redhat-1.jar:3.3.6.Final-redhat-1]
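
The check above can be scripted. The following is an added example, not part of the original solution or of any Red Hat tooling: it scans log lines for the "invalid message length" error and records the rejected length and the Remoting thread. It assumes that a stack frame in ServerConnectionOpenListener marks a failure in the connection-open phase, as in the trace above; the second log entry in the sample is constructed.

```python
import re
from dataclasses import dataclass

# Message text and log layout taken from the trace shown in this article.
ERROR_RE = re.compile(
    r"\((?P<thread>[^()]*)\) Connection error detail: "
    r"java\.io\.IOException: Received an invalid message length of (?P<length>\d+)"
)
FRAME_RE = re.compile(r"^\s+at (?P<method>[\w.$<>]+)\(")
# Assumption: a frame in this class means the error hit during connection open.
OPEN_LISTENER = "org.jboss.remoting3.remote.ServerConnectionOpenListener"

@dataclass
class Hit:
    line_no: int
    thread: str
    length: int
    during_open: bool = False  # set when a stack frame is in OPEN_LISTENER

def find_invalid_length_errors(lines):
    """Return one Hit per 'invalid message length' error, with its stack examined."""
    hits, current = [], None
    for line_no, line in enumerate(lines, 1):
        m = ERROR_RE.search(line)
        if m:
            current = Hit(line_no, m["thread"], int(m["length"]))
            hits.append(current)
        elif current and (frame := FRAME_RE.match(line)):
            if frame["method"].startswith(OPEN_LISTENER):
                current.during_open = True
        else:
            current = None  # any non-frame line ends the current stack trace
    return hits

# Constructed sample: the first entry is the trace from this article, the rest is made up.
SAMPLE_LOG = '''\
TRACE [org.jboss.remoting.remote.connection handleEvent] (Remoting "gravity" read-1) Connection error detail: java.io.IOException: Received an invalid message length of 11857
        at org.xnio.channels.FramedMessageChannel.receive(FramedMessageChannel.java:106) [xnio-api-3.0.15.GA-redhat-1.jar:3.0.15.GA-redhat-1]
        at org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial.handleEvent(ServerConnectionOpenListener.java:229) [jboss-remoting-3.3.6.Final-redhat-1.jar:3.3.6.Final-redhat-1]
INFO  [com.example.constructed] (main) unrelated line
TRACE [org.jboss.remoting.remote.connection handleEvent] (Remoting "gravity" read-2) Connection error detail: java.io.IOException: Received an invalid message length of 70000
        at com.example.Constructed.handle(Constructed.java:1)
'''.splitlines()

if __name__ == "__main__":
    for hit in find_invalid_length_errors(SAMPLE_LOG):
        where = "during connection open" if hit.during_open else "elsewhere"
        print(f"line {hit.line_no}: {hit.thread}: length {hit.length} ({where})")
```

The sample message is logged at TRACE level, so a log captured at a less verbose level will produce no hits even when the problem is present.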

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.