2 Replies Latest reply on Dec 17, 2007 4:35 AM by badock

    Authentication AND Identification JBossPortal+LDAP+Kerberos

    badock

      Hello all,
      I'm still trying to Kerberize my JBoss portal, and I go further every day... but it takes time :P

      OK, so let's sum up :

      I have a Kerberos Server (KDC), an Apache in front of a Tomcat/JBoss, and an LDAP which JBoss can read (set in ldap_identity-config.xml).
      Apache can display JBossPortal using the tomcat communicator mod_jk.
      I put the "JkEnvVar REMOTE_USER" line in the mod_jk conf file so that Apache "tells" JBoss who tries to log in.
      I also wrote into the server.xml file to bypass standard tomcat authentication :

      <!-- Define an AJP 1.3 Connector on port 8009 -->
       <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
       emptySessionPath="true" enableLookups="false" redirectPort="8443" tomcatAuthentication="false" />
      
       <Engine name="jboss.web" defaultHost="localhost">

      Now what happens ?

      When a user tries to access the portal, he's asked to get a TGT from the KDC, then he's asked a TGS(HTTP) in order to access Apache.
      When he gets to the JBossPortal page, JBoss goes and sees who he really is in the LDAP, using the REMOTE_USER variable Apache gave him, and logs him in, if he ever is in the LDAP.
      On the top-right corner, you can see the username as defined in the LDAP.

      So what's the problem ?

      Well, the thing is, JBoss/Tomcat logs users fine, but they don't get their profile.
      And since the portlets I use _depend_on_ the user's profile, I really need that information.
      I think I have to find out more on how setting "tomcatAuthentication" to false screws things up...

      So if you have any idea ... feel free to tell me :)

      previous post :
      http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4111256#4111256
      http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4106371#4106371
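
Added example (not from the original post or from JBoss): with tomcatAuthentication="false" the AJP connector accepts the user name forwarded by the front end, so that connector should be reachable only by Apache. The Python check below flags such connectors in server.xml that are not bound to a literal loopback address; it assumes Apache and JBoss run on the same host, and the sample XML wrapper, the second connector and the property values are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the post, wrapped in minimal Server/Service
# elements so it parses, plus a second (hypothetical) connector pinned to loopback.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="jboss.web">
    <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
               emptySessionPath="true" enableLookups="false" redirectPort="8443"
               tomcatAuthentication="false" />
    <Connector port="8010" address="127.0.0.1" protocol="AJP/1.3"
               tomcatAuthentication="false" />
  </Service>
</Server>
"""

def is_loopback(address):
    """True only for a literal loopback IP; placeholders and host names are not trusted."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False

def audit_ajp_connectors(server_xml, properties=None):
    """Return (port, finding) pairs for AJP connectors that trust the front end's user."""
    properties = properties or {}
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "").upper().startswith("AJP"):
            continue
        # Tomcat's default is true: the container authenticates by itself.
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            continue
        address = conn.get("address")
        if address and address.startswith("${") and address.endswith("}"):
            address = properties.get(address[2:-1], address)  # resolve placeholder if known
        if address is None:
            findings.append((conn.get("port"), "no address attribute: check the default bind address"))
        elif not is_loopback(address):
            findings.append((conn.get("port"), "bound to %s: not loopback" % address))
    return findings

if __name__ == "__main__":
    for port, finding in audit_ajp_connectors(SAMPLE_SERVER_XML,
                                              {"jboss.bind.address": "0.0.0.0"}):
        print("AJP connector %s: %s" % (port, finding))
```

Pass the real value of jboss.bind.address in the properties dictionary; an unresolved placeholder is reported as not loopback so that it gets checked by hand.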

        • 1. Re: Authentication AND Identification JBossPortal+LDAP+Kerbe
          sdhaliwal

          I am assuming that you are referring to the user's profile stored in the JBoss Portal tables. If that is the case, you need to connect the user you are logging in as to the user's profile stored in the jbp_users table. For all the users in the LDAP directory that need to be authenticated and enabled to use jboss-portal, there needs to be an entry in the jbp_users table where the jbp_uname column is populated with the username.

          Hope this helps

          • 2. Re: Authentication AND Identification JBossPortal+LDAP+Kerbe
            badock

             

            "sdhaliwal" wrote:
            I am assuming that you are referring to the user's profile stored in the JBoss Portal tables. If that is the case, you need to connect the user you are logging in as to the user's profile stored in the jbp_users table. For all the users in the LDAP directory that need to be authenticated and enabled to use jboss-portal, there needs to be an entry in the jbp_users table where the jbp_uname column is populated with the username.

            Hope this helps


            I'm not sure I understood everything ...
            You say that the roles are stored in a jbp_users table. But I'm not using the default DB for authentication, I'm using an LDAP.
            Are you sure I'm forced to edit this table, and if so, how can I do that?

            Thanks for helping ;)