3 Replies Latest reply on Jul 1, 2009 9:52 PM by dickson1888

    Passing LDAP-authenticated users from Apache to JBoss

      Hi Everyone,

      [Was looking for a way to transfer this post from another forum, but couldn't, so pasting here anyway. Apologies to those reading this twice :(]

      I was hoping to get your insights. I am trying to migrate an Apache+LDAP+Tomcat application to an Apache+LDAP+JBoss set-up.

      Authentication is done by Apache via LDAP for protected resources. While it works fine for the existing Tomcat set-up, on my JBoss set-up, it does not work; server.log shows nullpointer exceptions because it is not able to pick up the user that just logged in. I can confirm via Apache's logs that LDAP authentication is happening correctly, but looking at the JBoss request dumper logs, I observe that remoteuser=null. Other parameters have values in them, such as request uri, header referer, remoteaddr, servletpath, etc.

      Now since I am not a developer, I am not sure if picking up the username from the Apache request should be done programmatically, or if I am missing something in the JBoss configuration.

      Apache 2.0.63, JBoss AS 4.2.3 GA, mod_jk 1.2.27

      Kind regards,
      Dan

        • 1. Re: Passing LDAP-authenticated users from Apache to JBoss

          Solved!

          It was a matter of adding tomcatAuthentication="false" in the connector settings. I didn't realize this parameter was still valid in JBoss :)

          • 2. Re: Passing LDAP-authenticated users from Apache to JBoss

            hi dan957,

            I am doing the same task as your migration => Apache + JBoss using LDAP authentication; just use mod_proxy. How can you just use Apache for entry authentication and then access JBoss's web application? If the user directly calls the URL of JBoss's web application, JBoss won't ask them to input the password.

            I am still stuck trying to set up LDAP authentication in JBoss; it still fails.

            Thanks for any help.

            • 3. Re: Passing LDAP-authenticated users from Apache to JBoss

              Hi all,

              Referring to dan957's setup for authentication, I am confused about his setting. I can set up basic authentication using LDAP in Apache (front end). If no authentication is set up in JBoss, how can I secure the JBoss web server even though I get the remote user name from Apache? Anyone can directly call JBoss using the URL in their bookmark. Any trick?

              For my target setup
              -----------------------

              End User ---> (one server with apache and JBoss)
              Apache with proxy to JBoss
              |
              |
              |
              v
              JBoss with LDAP
              (set IP control, only accept localhost request)


              Any comment/suggestion? I am still stuck using LDAP authentication in JBoss!
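
The connector change from reply 1 combined with the localhost-only restriction sketched in reply 3, as an added configuration example that is not part of any post in this thread. The file location, port numbers and bind addresses are assumptions based on a default JBoss AS 4.2 layout with Apache and JBoss on the same host; attributes not relevant here are omitted.

```xml
<!-- Added example. Assumed file:
     server/<config>/deploy/jboss-web.deployer/server.xml
     Fragments of the <Service> element only, not a complete file. -->

<!-- BEFORE (shown as a comment): both connectors listen on every interface
     and the AJP connector keeps the default tomcatAuthentication="true",
     so the user authenticated by Apache is ignored (remoteuser=null) and
     anyone can reach the application directly on port 8080.

  <Connector port="8080" address="0.0.0.0" protocol="HTTP/1.1" />
  <Connector port="8009" address="0.0.0.0" protocol="AJP/1.3" />
-->

<!-- AFTER -->

<!-- HTTP connector: loopback only, so a bookmarked URL pointing straight
     at JBoss no longer bypasses the Apache LDAP login. -->
<Connector port="8080" address="127.0.0.1" protocol="HTTP/1.1" />

<!-- AJP connector used by mod_jk.
     tomcatAuthentication="false" makes the container accept the
     authenticated user forwarded by Apache over AJP, which is what
     populates getRemoteUser() in the application.
     The attribute applies to the AJP connector only.
     Because the container now trusts whatever user name arrives on this
     port, the port must be reachable only by the Apache front end:
     bind it to loopback (same host) and firewall it otherwise. -->
<Connector port="8009" address="127.0.0.1" protocol="AJP/1.3"
           tomcatAuthentication="false" />
```

With this in place, a quick check from another machine is that connections to ports 8080 and 8009 are refused while the Apache URL still prompts for LDAP credentials.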