1 Reply Latest reply on Apr 29, 2008 6:01 AM by kmekme

    Ldap authentication failed with /auth/... url

    kmekme
    kmekme Apr 29, 2008 5:02 AM

      Hi,

      I've set up LDAP configuration for jboss-portal in login-config.xml like this :

      <policy>
 <!-- For the JCR CMS -->
 <application-policy name="cms">
 <authentication>
 <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
 </authentication>
 </application-policy>

 <application-policy name="portal">
 <authentication>

 <!-- LDAP -->
 <login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule" flag="required">
 <module-option name="synchronizeIdentity">true</module-option>
 <module-option name="synchronizeRoles">true</module-option>
 <module-option name="defaultAssignedRole">Medecin</module-option>
 <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
 <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
 <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
 <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
 <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
 <module-option name="java.naming.provider.url">ldap://cbh71-int:389/</module-option>
 <module-option name="java.naming.security.authentication">simple</module-option>
 <module-option name="bindDN">CN=Manager,dc=mck,dc=com</module-option>
 <module-option name="bindCredential">secret</module-option>
 <module-option name="baseCtxDN">ou=People,dc=mck,dc=com</module-option>
 <module-option name="baseFilter">(uid={0})</module-option>
 <module-option name="rolesCtxDN">ou=People,dc=mck,dc=com</module-option>
 <module-option name="roleFilter">(member={1})</module-option>
 <module-option name="roleAttributeID">cn</module-option>
 <module-option name="roleRecursion">-1</module-option>
 <module-option name="searchTimeLimit">10000</module-option>
 <module-option name="searchScope">SUBTREE_SCOPE</module-option>
 <module-option name="allowEmptyPasswords">false</module-option>
 </login-module>

 </authentication>
 </application-policy>
</policy>


      Ldap authentication is sucessfull.
      But when I'm in an page with an URL like ..../AUTH/..... I've an 403 error.
      I've no errors in JBoss logs.
      If i open a new browser, i'm still logged in.

      Is there something I've forgot?







      • 1045 Views
      • Tags:
        • 1. Re: Ldap authentication failed with /auth/... url
          kmekme
          kmekme Apr 29, 2008 6:01 AM (in response to kmekme)

          Ok i've fou nd an answer if anyone is interested.

          By default, JBoss portal /auth/* URL are mapped to "Authenticated" role.

          I've either the choice of create a role "Authenticated" in my LDAP and put all my users inside or change the web.xml configuration in deploy\jboss-portal.sar\portal-server.war\WEB-INF\

          In my case, I have to change every <role-name> and <role link> from :

          <role-name>Authenticated</role-name>
<role-link>Authenticated</role-link>


          To : 

          <role-name>Medecin</role-name>
<role-link>Medecin</role-link>



          Works fine now !
          :D



            • Actions