All Apps and Add-ons

Problems with SSL JNDI Lookup against Tibco EMS

Path Finder

I am trying to perform a JNDI lookup over SSL to Tibco EMS using the JMS Modular Input. Everything works OK for a non-SSL JNDI lookup and I am also able to create an SSL queue connection (based on an SSL connection factory - when using a non-SSL lookup).

External to Splunk and the JMS TA the following Java code successfully performs a JNDI lookup over SSL:

Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.tibco.tibjms.naming.TibjmsInitialContextFactory");
props.put(Context.PROVIDER_URL, "tibjmsnaming://localhost:7243");
//SSL JNDI Lookup 
props.put(com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST, new Boolean("false"));
InitialContext context = new InitialContext(props);
QueueConnectionFactory qconFactory = (QueueConnectionFactory)context.lookup("SplunkConnectionFactory");

All attempts to recreate this setup in the JMS TA (through user_jndi_properties) result in the following error being logged:

03-31-2017 14:18:12.850 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/jms_ta/bin/" Stanza jms://queue/:splunk : Error connecting : javax.naming.ServiceUnavailableException: Failed to query JNDI: Failed to connect to the server at tcp://localhost:7243 [Root exception is javax.jms.JMSException: Failed to connect to the server at tcp://localhost:7243]

The inputs.conf below shows the setup, all of the commented out user_jndi_properties have been attempted resulting in the same error:

browse_mode = stats
browse_queue_only = 0
durable = 0
hec_batch_mode = 0
hec_https = 0
index_message_header = 0
index_message_properties = 0
init_mode = jndi
jms_connection_factory_name = SplunkConnectionFactory
jndi_initialcontext_factory = com.tibco.tibjms.naming.TibjmsInitialContextFactory
jndi_provider_url = tibjmsnaming://localhost:7243
output_type = stdout
sourcetype = jms_test
strip_newlines = 1
#user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl",com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST=new Boolean("false")
#user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl",com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST="new Boolean("false")"
#user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl",com.tibco.tibjms.naming.TibjmsContext.SSL_ENABLE_VERIFY_HOST="false"
user_jndi_properties = com.tibco.tibjms.naming.TibjmsContext.SECURITY_PROTOCOL="ssl"

I have had a look at the source code for the JMS TA and can see where these properties are set - though I'd need to create a working dev environment and step through the code to see why the above fails. Any help appreciated..

0 Karma
1 Solution

Ultra Champion

Try :

user_jndi_properties = com.tibco.tibjms.naming.security_protocol=ssl,com.tibco.tibjms.naming.ssl_enable_verify_host=false,com.tibco.tibjms.naming.ssl_vendor=j2se-default

View solution in original post

Ultra Champion

Try :

user_jndi_properties = com.tibco.tibjms.naming.security_protocol=ssl,com.tibco.tibjms.naming.ssl_enable_verify_host=false,com.tibco.tibjms.naming.ssl_vendor=j2se-default

Path Finder

Thanks Damien - that works 🙂

0 Karma

Ultra Champion

Lucky guess , I had to go back in my email archives as I recalled I helped a customer with this once.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...