JASPI ServerAuthModule I've a self written JASPI ServerAuthModule, which works great in Glassfish. Now I had to switch to AS 7. I have not found any resources how to configure a JASPI ServerAuthModule in AS 7?! I put my jar in a AS... 
DatabaseCertLoginModule can't find securityDomain I've configured a security-domain in subsystem domain:security:1.1 mycertdomain which is displayed in the server profile page under Security/Security Domains. When I reference that securityDomain in a login-module/mo... 
PicketBox Development Chat Transcript Anil and Pedro. (08:36:43 AM) asaldhan: psilva: discuss status of each project. we then can do checkpoints (08:36:53 AM) asaldhan: https://docs.jboss.org/author/display/SECURITY/SecurityProjectsArchitec... 
Can we use vault in authentication/login-module or anthentication/users? Hello all, As the article https://community.jboss.org/wiki/JBossAS7SecuringPasswords describes, we can use vault to secure datasource password. For authentication, can we also use vault to secure sensitive str... 
Security Context Propagation Discussion related to https://docs.jboss.org/author/display/SECURITY/Java+Application+Security When there is a need to propagate security context, the following usecases come into my mind: a) Thread level sec... Alternative for class org.jboss.security.auth.login.DynamicLoginConfig in AS7 How to plug DynamicLoginConfig from AS6 into AS7? In AS6 dynamic JAAS configuration is done using class org.jboss.security.auth.login.DynamicLoginConfig. Is there any posibility to get similar dynamic JAAS configura... 
[Jboss AS 7] Use Jboss negotiation with JDK 7 and Windows Server 2008 checksum failed Hello everyone, I need your help. I would like to use the technology "SSO" in our application and let me know if this is compatible? and if so, I would like the step I'm missing because I get errors perpetually. Con... 
Get something started with XACML - Requirements Discussion Hello all, I have recently begun participating in this project and I noticed that the discussion on XACML has been fairly quiet, so I thought I would kick off some discussions to see what the interest level is, see ... 
Challenge/Response enabled Authentication Framework Wondering if SASL is the perfect candidate for a challenge/response enabled authentication framework with multiple authentication mechanism support. Wikipedia entry on SASL. Apart from a challenge/resp... Negotiation protocol broke? I detected a problem with the implementation of the Kerberos login module for JBoss AS 6. It seem's that the negotiation protocol isn't fully implemented. If there are multiple alternatives it stops after the first ... 
JBossCachedAuthenticationManager caching and JAAS modules returning different Principal I have been trying to run two applications with EJB remoting on JBoss 7.1.x. My main problem is that currently JBoss only allows one authentication method by remoting port (one realm per port) and the EJB3 subsystem o... 
WebJASPIAuthenticator ignores GroupPrincipalCallback but requires PasswordValidationCallback In JBoss AS 7.1.1, if a user provided ServerAuthModule provides a GroupPrincipalCallback, this is ignored by WebJASPIAuthenticator. The provider handler copies the GroupPrincipalCallback, but the authenticator then do... 
How-to registering JASPI auth module via AuthConfigFactory? In this article Ron Mozillo hints that an JASPI auth module can be registered via the AuthConfigFactory. Unfortunately no example is given and the API plus Javadoc isn't exactly straightforward. I'm trying to do the p... How to pass data from valve to login module? I use AS71.0CR1b I need some http header data in my login module. - But how can I access http header in login modules? My current approach is to read http header in a valve, put it in a thread local an... How to decrypt the password which was encrypted by picketBox In JBoss AS7 datasource configuration, I use java org.picketbox.datasource.security.SecureIdentityLoginModule passwordString to encrypt the password. Now I have one requirement that decrypt the password by my app co... 
Injection in LoginModules Could any of you guys shed some light on this? https://community.jboss.org/thread/177900?tstart=0 
AS7: Sensitive Attributes Masking We can extend masking of passwords to all attributes that the user determines to be sensitive and not be displayed in clear text in the configuration files. There are two entities: a) Sensitive Attribute Hold... XACML Resource Management This is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin... XACML Deployment This is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin... XACML Audit/Reporting This is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
Log in to follow, share, and participate in this community.