All Apps and Add-ons

Problems with SSL JNDI Lookup against Tibco EMS

stuartidelta01
Path Finder

I am trying to perform a JNDI lookup over SSL to Tibco EMS using the JMS Modular Input. Everything works OK for a non-SSL JNDI lookup and I am also able to create an SSL queue connection (based on an SSL connection factory - when using a non-SSL lookup).

External to Splunk and the JMS TA the following Java code successfully performs a JNDI lookup over SSL:

Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.tibco.tibjms.naming.TibjmsInitialContextFactory");
props.put(Context.PROVIDER_URL, "tibjmsnaming://localhost:7243");
//SSL JNDI Lookup 
props.put(com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL,"ssl");
props.put(com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST, new Boolean("false"));
...
InitialContext context = new InitialContext(props);
QueueConnectionFactory qconFactory = (QueueConnectionFactory)context.lookup("SplunkConnectionFactory");

All attempts to recreate this setup in the JMS TA (through user_jndi_properties) result in the following error being logged:

03-31-2017 14:18:12.850 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/bin/jms.py" Stanza jms://queue/:splunk : Error connecting : javax.naming.ServiceUnavailableException: Failed to query JNDI: Failed to connect to the server at tcp://localhost:7243 [Root exception is javax.jms.JMSException: Failed to connect to the server at tcp://localhost:7243]

The inputs.conf below shows the setup, all of the commented out user_jndi_properties have been attempted resulting in the same error:

[jms://queue/:splunk]
browse_mode = stats
browse_queue_only = 0
durable = 0
hec_batch_mode = 0
hec_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = SplunkConnectionFactory
jndi_initialcontext_factory = com.tibco.tibjms.naming.TibjmsInitialContextFactory
jndi_provider_url = tibjmsnaming://localhost:7243
output_type = stdout
sourcetype = jms_test
strip_newlines = 1
#user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl",com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST=new Boolean("false")
#user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl",com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST="new Boolean("false")"
#user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl",com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST="false"
user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl"

I have had a look at the source code for the JMS TA and can see where these properties are set - though I'd need to create a working dev environment and step through the code to see why the above fails. Any help appreciated..

0 Karma
1 Solution

Damien_Dallimor
Ultra Champion

Try :

user_jndi_properties = com.tibco.tibjms.naming.security_protocol=ssl,com.tibco.tibjms.naming.ssl_enable_verify_host=false,com.tibco.tibjms.naming.ssl_vendor=j2se-default

View solution in original post

Damien_Dallimor
Ultra Champion

Try :

user_jndi_properties = com.tibco.tibjms.naming.security_protocol=ssl,com.tibco.tibjms.naming.ssl_enable_verify_host=false,com.tibco.tibjms.naming.ssl_vendor=j2se-default

stuartidelta01
Path Finder

Thanks Damien - that works 🙂

0 Karma

Damien_Dallimor
Ultra Champion

Lucky guess , I had to go back in my email archives as I recalled I helped a customer with this once.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...