Skip to content

SimpleKdcLdapServerTests testClientServiceMutualAuthentication fails on JDK15-ea #57749

New issue
New issue
Closed
Closed
SimpleKdcLdapServerTests testClientServiceMutualAuthentication fails on JDK15-ea#57749
Assignees
ywangd
Labels
:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>test-failureTriaged test failures from CITeam:SecurityMeta label for security team
@jaymode

Description

@jaymode
jaymode
opened on Jun 5, 2020

Build scan: https://gradle-enterprise.elastic.co/s/h2zdsinitnabi

Repro line:

./gradlew ':x-pack:qa:evil-tests:unitTest' -Dtests.seed=81536A3F3B7CCE98 -Dtests.class=org.elasticsearch.xpack.security.authc.kerberos.SimpleKdcLdapServerTests -Dtests.method="testClientServiceMutualAuthentication" -Dtests.security.manager=false -Dtests.locale=mni-Beng-IN -Dtests.timezone=Asia/Calcutta -Dcompiler.java=12 -Druntime.java=15

Reproduces locally?: Yes

Applicable branches: 6.8

Failure history: https://build-stats.elastic.co/app/kibana#/discover?_g=(refreshInterval:(pause:!t,value:0),time:(from:now%2Fy,mode:quick,to:now))&_a=(columns:!(test.failed-testcases),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:b646ed00-7efc-11e8-bf69-63c8ef516157,key:build.project,negate:!f,params:(query:elasticsearch,type:phrase),type:phrase,value:elasticsearch),query:(match:(build.project:(query:elasticsearch,type:phrase))))),index:b646ed00-7efc-11e8-bf69-63c8ef516157,interval:auto,query:(language:lucene,query:'test.failed-testcases.test:testClientServiceMutualAuthentication'),sort:!(process.time-start,desc))

Failure excerpt:

Details 
java.security.PrivilegedActionException: java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
   > 	at __randomizedtesting.SeedInfo.seed([81536A3F3B7CCE98:FBA7DB287B5CD03D]:0)
   > 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:558)
   > 	at org.elasticsearch.xpack.security.authc.kerberos.KerberosTestCase.doAsWrapper(KerberosTestCase.java:186)
   > 	at org.elasticsearch.xpack.security.authc.kerberos.SpnegoClient.<init>(SpnegoClient.java:86)
   > 	at org.elasticsearch.xpack.security.authc.kerberos.SimpleKdcLdapServerTests.testClientServiceMutualAuthentication(SimpleKdcLdapServerTests.java:57)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
   > 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   > 	at java.base/java.lang.reflect.Method.invoke(Method.java:564)
   > 	at java.base/java.lang.Thread.run(Thread.java:832)
   > Caused by: java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
   > 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:695)
   > 	at java.base/javax.security.auth.Subject.doAs(Subject.java:425)
   > 	at org.elasticsearch.xpack.security.authc.kerberos.KerberosTestCase.lambda$doAsWrapper$2(KerberosTestCase.java:186)
   > 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:554)
   > 	... 39 more
   > Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
   > 	at java.security.jgss/sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:164)
   > 	at java.security.jgss/sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
   > 	at java.security.jgss/sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:174)
   > 	at java.security.jgss/sun.security.jgss.spnego.SpNegoMechFactory.getCredentialElement(SpNegoMechFactory.java:146)
   > 	at java.security.jgss/sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:174)
   > 	at java.security.jgss/sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:439)
   > 	at java.security.jgss/sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:74)
   > 	at java.security.jgss/sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:135)
   > 	at org.elasticsearch.xpack.security.authc.kerberos.SpnegoClient.lambda$new$1(SpnegoClient.java:87)
   > 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
   > 	... 42 more

This fails reproducibly for me on the 6.8 branch once I installed JDK15. Note, I tested with b26 of JDK15 and this is not the JDK issue that causes #56507.

Metadata

Metadata

Assignees

Labels

:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>test-failureTriaged test failures from CITeam:SecurityMeta label for security team

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions