-
1. Re: replacing loginmodule in jBPM 3.2.3 / Tomcat 6
kukeltje Oct 8, 2008 8:22 AM (in response to fredv)
The console itself or even jBPM do not authenticate. The console uses the credentials and roles provided by the container, and when starting a process, you have to set that id in the actor id when starting a process or retrieving a tasklist. For assignments there is a relation to the identity module though.
-
2. Re: replacing loginmodule in jBPM 3.2.3 / Tomcat 6
fredv Oct 8, 2008 8:34 AM (in response to fredv)
Doesn't the console have a kind of "built-in" authentication module?
The problem I'm facing here is that I've configured a Realm to get Tomcat to authenticate me on an ActiveDir, but the console doesn't seem to appreciate it.
I'm not even talking about actors in processes: I haven't deployed any processes yet in the jbpm-console.
When I login, Tomcat sends an error :
"
type : Status report
message : Access to the requested resource has been denied
description : Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
"
That's why I was asking myself if the "out-of-the-box" jbpm-console wasn't trying to challenge the AD login id with some internal database somewhere... :(
It works fine if I follow the http://wiki.jboss.org/wiki/JbpmOnTomcat wiki step-by-step (I can log in, start processes, etc...).
But since I changed the $TOMCAT_HOME/conf/Catalina/localhost/jbpm-console.xml to :
logging into the jbpm-console fails.... :(
Any idea?
Thanks.
Fred
-
3. Re: replacing loginmodule in jBPM 3.2.3 / Tomcat 6
fredv Oct 8, 2008 8:39 AM (in response to fredv)
Sorry, the content of the jbpm-console.xml file didn't get displayed in my answer...
Here it is:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://myldap.server:389"
       connectionName="MyAdmin"
       connectionPassword="MyPassword"
       userPattern="cn={0}, CN=Users, DC=iamverif, DC=dom"
       roleBase="CN=Users, DC=iamverif, DC=dom"
       roleName="cn"
       roleSearch="uniqueMember={0}" />
-
4. Re: replacing loginmodule in jBPM 3.2.3 / Tomcat 6
kukeltje Oct 8, 2008 12:31 PM (in response to fredv)
Doesn't the console have a kind of "built-in" authentication module?
That's what I stated in the first sentence of my previous post. Sure, the console webapp has roles defined which are required, but that still is all container related.
-
5. Re: replacing loginmodule in jBPM 3.2.3 / Tomcat 6
fredv Oct 9, 2008 3:12 AM (in response to fredv)
Ok, I understand that all the authentication thing is container related. By the way I did manage to make Tomcat authenticate on my Active Directory.
But, I think that, indeed, my problems come from the roles that are defined in the webapp console.
Have you (or anyone else I guess) ever managed to use the jbpm-console with an Active Directory authentication?
If so, could you please guide me to what I should do?
Thanks again.
Fred
-
6. Re: replacing loginmodule in jBPM 3.2.3 / Tomcat 6
kukeltje Oct 10, 2008 6:01 AM (in response to fredv)
Not with AD, but with LDAP. Did nothing special, just made sure all correct roles are in the AD/LDAP and your loginmodule can retrieve them.
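
The role check described in the last reply, as an added example that is not part of the thread and is not Tomcat or jBPM code: it models how the posted Realm's role search resolves a user's groups and compares the result with the roles the webapp names, since an authenticated user with none of those roles gets the "Access to the requested resource has been denied" page. The user name fred, the group entries and the role names user and admin are constructed assumptions; only simple attr={0} role filters are modelled.

```python
import xml.etree.ElementTree as ET

# Realm attributes as posted in the thread (bind settings left out).
REALM_XML = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
  userPattern="cn={0}, CN=Users, DC=iamverif, DC=dom"
  roleBase="CN=Users, DC=iamverif, DC=dom"
  roleName="cn" roleSearch="uniqueMember={0}" />'''
# Constructed web.xml fragment: role names are assumptions, read the real ones
# from the console's WEB-INF/web.xml.
WEB_XML = '''<web-app><security-constraint><auth-constraint>
  <role-name>user</role-name><role-name>admin</role-name>
</auth-constraint></security-constraint></web-app>'''
# Constructed group entries (DN, attributes). Active Directory groups list
# their members in "member", not "uniqueMember".
FRED = "CN=fred,CN=Users,DC=iamverif,DC=dom"
GROUPS = [
    ("CN=user,CN=Users,DC=iamverif,DC=dom", {"cn": ["user"], "member": [FRED]}),
    ("CN=Domain Users,CN=Users,DC=iamverif,DC=dom",
     {"cn": ["Domain Users"], "member": [FRED]}),
]

def norm(dn):
    """Compare DNs loosely: trim around commas, lower-case (no escaped commas)."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def realm_roles(realm, username, groups):
    """roleName values of entries under roleBase whose roleSearch attribute
    holds the user's DN (only 'attr={0}' filters are modelled)."""
    user_dn = norm(realm.get("userPattern").replace("{0}", username))
    attr, _, value = realm.get("roleSearch").strip("()").partition("=")
    if value != "{0}":
        raise ValueError("unsupported roleSearch filter")
    base = norm(realm.get("roleBase"))
    roles = set()
    for dn, attrs in groups:
        members = {norm(m) for m in attrs.get(attr.lower(), [])}
        if norm(dn).endswith("," + base) and user_dn in members:
            roles.update(attrs.get(realm.get("roleName"), []))
    return roles

def check(realm_xml, web_xml, username, groups):
    """Return (granted roles the webapp accepts, roles web.xml names)."""
    required = {e.text.strip() for e in ET.fromstring(web_xml).iter()
                if e.tag.rsplit("}", 1)[-1] == "role-name"}
    granted = realm_roles(ET.fromstring(realm_xml), username, groups)
    return granted & required, required

if __name__ == "__main__":
    print(check(REALM_XML, WEB_XML, "fred", GROUPS))
    print(check(REALM_XML.replace("uniqueMember", "member"), WEB_XML, "fred", GROUPS))
```

An empty first set means the login itself can succeed while every protected page is refused; group names that do not match a role in web.xml (here "Domain Users") never count.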