Skip to content

Skip redundant AUTH when SASL authentication is already complete#156

Merged
tristantarrant merged 1 commit into
infinispan:mainfrom
tristantarrant:fix/sasl-redundant-auth
May 13, 2026
Merged

Skip redundant AUTH when SASL authentication is already complete#156
tristantarrant merged 1 commit into
infinispan:mainfrom
tristantarrant:fix/sasl-redundant-auth

Conversation

@tristantarrant
Copy link
Copy Markdown
Member

@tristantarrant tristantarrant commented May 13, 2026

Summary

  • The auth() function unconditionally sent two AUTH messages during SASL authentication
  • For single-step mechanisms like PLAIN, the server completes auth on the first message, making the second redundant
  • The redundant AUTH can race with the server's SaslServer cleanup, causing intermittent ELY05001: Authentication mechanism exchange received a message after authentication was already complete
  • Expose the server's authDone flag as a complete field in the decodeSasl result and skip the second round-trip when auth is already done
  • Multi-step mechanisms like SCRAM-SHA continue to use both rounds as before

Fixes #155

Created with the assistance of an AI tool

This was referenced May 13, 2026
Closed
Merged
@tristantarrant tristantarrant merged commit 3a94026 into infinispan:main May 13, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SASL auth sends redundant AUTH message causing intermittent ELY05001

1 participant

@tristantarrant