Skip to content

CI Failures: ActiveDirectoryRealmTests #47952

New issue
New issue
Closed
Closed
CI Failures: ActiveDirectoryRealmTests#47952
Labels
:Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>test-failureTriaged test failures from CIv7.4.1
@nknize

Description

@nknize
nknize
opened on Oct 11, 2019

Several unit test failures look like that may be related to a CI configuration? Nevertheless, this has failed at least twice per day in the last few days:

https://groups.google.com/a/elastic.co/forum/#!searchin/build-elasticsearch/ActiveDirectoryRealmTests%7Csort:date

Looks like they're all mostly caused by the same error:

02:39:53 org.elasticsearch.xpack.security.authc.ldap.ActiveDirectoryRealmTests > testCustomSearchFilters FAILED
02:39:53     ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.authc.realms.active_directory.testdefaultsearchfilters.ssl]]; nested: ElasticsearchException[failed to initialize the SSLContext]; nested: KeyManagementException[FIPS mode: only SunJSSE TrustManagers may be used];
02:39:53         at __randomizedtesting.SeedInfo.seed([B09EBEB01A9E7C23:24D005ED0EFD62D1]:0)
02:39:53         at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:449)
02:39:53         at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$2(SSLService.java:426)
02:39:53         at java.util.HashMap.forEach(HashMap.java:1289)
02:39:53         at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:426)
02:39:53         at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:121)
02:39:53         at org.elasticsearch.xpack.security.authc.ldap.ActiveDirectoryRealmTests.setupRealm(ActiveDirectoryRealmTests.java:171)
02:39:53         at org.elasticsearch.xpack.security.authc.ldap.ActiveDirectoryRealmTests.testCustomSearchFilters(ActiveDirectoryRealmTests.java:470)
02:39:53 
02:39:53         Caused by:
02:39:53         ElasticsearchException[failed to initialize the SSLContext]; nested: KeyManagementException[FIPS mode: only SunJSSE TrustManagers may be used];
02:39:53             at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:409)
02:39:53             at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:386)
02:39:53             at java.util.HashMap.computeIfAbsent(HashMap.java:1127)
02:39:53             at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:446)
02:39:53             ... 6 more
02:39:53 
02:39:53             Caused by:
02:39:53             java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used
02:39:53                 at sun.security.ssl.SSLContextImpl.chooseTrustManager(SSLContextImpl.java:120)
02:39:53                 at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:83)
02:39:53                 at javax.net.ssl.SSLContext.init(SSLContext.java:282)
02:39:53                 at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:402)
02:39:53                 ... 9 more

I'm unable to reproduce locally:

02:39:53 REPRODUCE WITH: ./gradlew ':x-pack:plugin:security:test' --tests "org.elasticsearch.xpack.security.authc.ldap.ActiveDirectoryRealmTests.testCustomSearchFilters" -Dtests.seed=B09EBEB01A9E7C23 -Dtests.security.manager=true -Dtests.locale=de-GR -Dtests.timezone=Africa/Freetown -Dcompiler.java=12 -Druntime.java=8FIPS -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStorePassword=password

Metadata

Metadata

Assignees

No one assigned

    Labels

    :Security/AuthenticationLogging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc)>test-failureTriaged test failures from CIv7.4.1

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions