Hi Yevhenii, what artemis version are you using? Can you try to include only the GuestLoginModule in your /var/lib/artemis-instance/etc/login.config file? Can you share the broker log with -Djava.security.debug=configfile,configparser to debug JAAS ConfigFile loading and parsing?
Regards, Domenico On Wed, 26 Nov 2025 at 14:57, Ievgenii Lopushen <[email protected]> wrote: > Hi Domenico > Thank you for your reply > > ran a check from inside the container: > > artemis check node > NOTE: Picked up JDK_JAVA_OPTIONS: > --add-exports=java.base/sun.security.internal.spec=ALL-UNNAMED > --add-exports=java.base/sun.security.provider=ALL-UNNAMED > --add-opens=java.base/java.security=ALL-UNNAMED > -Djavax.net.ssl.trustStoreType=FIPS > Picked up JAVA_TOOL_OPTIONS: > --module-path=/usr/share/java/bouncycastle-fips > Connection brokerURL = tcp://localhost:61616 > Connection failed::AMQ229031: Unable to validate user from 127.0.0.1:58194 > . > Username: null; SSL certificate subject DN: unavailable > > --user: > Type the username for a retry > artemis > > --password: is mandatory with this configuration: > Type the password for a retry > > NodeCheck failed. Reason: > org.apache.activemq.artemis.api.core.ActiveMQSecurityException: > [errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user > from 127.0.0.1:40246. Username: artemis; SSL certificate subject DN: > unavailable] > > The check does not go through even though I used the credentials that i've > specified when creating the instance. > > I have no jcmd in my container, but from ps I see: > > ps aux | grep java > artemis 1 0.8 6.2 8467620 511192 ? Ssl 02:50 5:40 > [rosetta] /usr/lib/jvm/java-21-openjdk-amd64/bin/java > /usr/lib/jvm/java-21-openjdk-amd64/bin/java > > -Djava.security.auth.login.config=/var/lib/artemis-instance/etc/login.config > -Dhawtio.realm=activemq -Dhawtio.role=amq > > -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal > -Djolokia.policyLocation=/var/lib/artemis-instance/etc/jolokia-access.xml > -Dhawtio.roles=amq > > -Djava.security.auth.login.config=/var/lib/artemis-instance/etc/login.config > -classpath /opt/activemq-artemis/lib/artemis-boot.jar > -Dartemis.home=/opt/activemq-artemis > -Dartemis.instance=/var/lib/artemis-instance > -Djava.library.path=/opt/activemq-artemis/bin/lib/linux-x86_64 > -Djava.io.tmpdir=/var/lib/artemis-instance/tmp > -Ddata.dir=/var/lib/artemis-instance/data > -Dartemis.instance.etc=/var/lib/artemis-instance/etc > -Dhawtio.authenticationEnabled=false > -Djava.security.debug=loginconfig,config,parser,access,failure > org.apache.activemq.artemis.boot.Artemis run > root 1545 0.0 0.0 3640 2244 ? S+ 13:32 0:00 grep > --color=auto java > > So > > -Djava.security.auth.login.config=/var/lib/artemis-instance/etc/login.config > and the contents of /var/lib/artemis-instance/etc/login.config is: > > activemq { > org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule > sufficient > debug=false > reload=true > org.apache.activemq.jaas.properties.user="artemis-users.properties" > org.apache.activemq.jaas.properties.role="artemis-roles.properties"; > > org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule > sufficient > debug=false > org.apache.activemq.jaas.guest.user="artemis" > org.apache.activemq.jaas.guest.role="amq"; > }; > > Thank you! > > > > On Wed, Nov 26, 2025 at 8:33 AM Domenico Francesco Bruscino < > [email protected]> wrote: > > > Hi Yevhenii, > > > > the error "No LoginModules configured for" is usually due to a wrong > login > > configuration.Can you double-check you are able to connect to an acceptor > > by using the artemis CLI? > > If the artemis CLI works, can you share the content of the file defined > by > > the java.security.auth.login.config system property in the container? > > By default, the java.security.auth.login.config system property is > defined > > in the bin/artemis script. You could use jcmd to double-check the > property > > value in the container, i.e. jcmd <PID> VM.system_properties. > > > > Regards, > > Domenico > > > > On Tue, 25 Nov 2025 at 19:02, Ievgenii Lopushen <[email protected]> > > wrote: > > > > > Hi > > > I'm trying to build a Docker image with Artemis in it. The image is > based > > > on Ubuntu 22.04 with FIPS turned on and JRE 21 installed. For Java I am > > > using Bouncycastle as my security provider, hence overriding the > > > java.security file with such providers: > > > > > > > > > > > > security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider > > > > > > security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider > > > fips:BCFIPS > > > security.provider.3=SUN > > > > > > When starting the container, Artemis does launch and I'm able to create > > an > > > Artemis instance. However, I cannot login to the web console. No matter > > the > > > credentials I specify I get: > > > > > > [io.hawt.system.Authenticator] Login failed due to: No LoginModules > > > configured for activemq > > > > > > Even though on identical default installation on host machine with > Ubuntu > > > or MacOS works fine. > > > Is there any additional configuration that should be applied to login > or > > > can it be related to FIPS? > > > -- > > > > > > All the best, > > > > > > Yevhenii > > > > > > > > -- > > All the best, > > Yevhenii Lopushen >
