-
1. Re: How to integrate Picketlink idp and database
anil.saldhana Oct 11, 2011 7:10 AM (in response to venkatesha.k.c)
On JBoss AS, just use the database JAAS login modules.
-
2. Re: How to integrate Picketlink idp and database
venkatesha.k.c Oct 11, 2011 8:38 AM (in response to anil.saldhana)
Thanks for the reply...
My question is similar to http://community.jboss.org/message/603261#603261
If you provide examples, it will be more helpful.
Thanks
-
3. Re: How to integrate Picketlink idp and database
kenhuangus Nov 21, 2011 2:42 PM (in response to venkatesha.k.c)
Did you get any response or find any solution on this question? I am facing a similar problem with LDAP as the identity store for the IDP.
-
4. Re: How to integrate Picketlink idp and database
gthomas Dec 9, 2011 2:25 AM (in response to venkatesha.k.c)
I am trying to use PicketLink IdP with OpenLDAP and could not find any documentation on how to go about configuring PicketLink to use LDAP as the identity store. I have downloaded the latest version, picketlink-2.0.1.final.zip, and extracted the zip file under the JBoss 5.1 deploy directory. How do I go about configuring PicketLink to use OpenLDAP? I see references to configuration files, but am trying to figure out where to place these configuration files. Any help will be greatly appreciated!!
Regards,
GT
-
5. Re: How to integrate Picketlink idp and database
kenhuangus Dec 20, 2011 11:55 PM (in response to venkatesha.k.c)
The "idp" security domain is not defined in the login-config file, and as such it will use "other", which uses UsersRolesLoginModule. This login module uses the property files. To use the LDAP login module, you can add something like the following to the login-config.xml file and make sure that your LDAP schema has the correct settings. It took me a while to figure this out. I agree that there should be good documentation on how to configure an IDP.
<application-policy name="idp">
  <authentication>
    <!-- Binds to the directory as the user: bind DN = principalDNPrefix + username + principalDNSuffix -->
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- A simple bind over plain ldap:// sends the user's password in clear text; use ldaps:// in production -->
      <module-option name="java.naming.provider.url">ldap://yourLDAPHOST:1389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="principalDNSuffix">,ou=users,dc=FedEx,dc=CGI,dc=com</module-option>
      <!-- Roles: search rolesCtxDN with roleFilter ({1} is the bound user's DN) and read roleAttributeID from each match -->
      <module-option name="rolesCtxDN">ou=Groups,dc=FedEx,dc=CGI,dc=com</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <!-- Extra logging while troubleshooting; switch off afterwards -->
      <module-option name="debug">true</module-option>
    </login-module>
  </authentication>
</application-policy>
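A quick check of that login-config.xml fragment, as an added example (Python, not code from the thread or from JBoss): it parses a <policy> document, flags the two settings in the posted policy that matter once it leaves the test bench (a simple bind over plain ldap://, which carries the user's password in clear text, and debug=true), and reports a missing "idp" application-policy, which is the silent fallback to "other" described above. The sample document is constructed from the posted policy with a placeholder host and DNs; the hardened copy is the same policy with ldaps:// and debug off.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample (not from the original post): the "idp" policy above as it
# would sit inside <policy> in login-config.xml; host and DNs are placeholders.
SAMPLE_LOGIN_CONFIG = """<policy>
  <application-policy name="idp">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://yourLDAPHOST:1389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNPrefix">cn=</module-option>
        <module-option name="principalDNSuffix">,ou=users,dc=example,dc=com</module-option>
        <module-option name="rolesCtxDN">ou=Groups,dc=example,dc=com</module-option>
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="debug">true</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

# The same policy with the two weak settings corrected: LDAP over TLS, debug off.
HARDENED_LOGIN_CONFIG = (SAMPLE_LOGIN_CONFIG
                         .replace("ldap://yourLDAPHOST:1389/", "ldaps://yourLDAPHOST:1636/")
                         .replace('name="debug">true<', 'name="debug">false<'))


def module_options(login_module):
    """Map option name -> value for one <login-module> element."""
    return {opt.get("name"): (opt.text or "").strip()
            for opt in login_module.findall("module-option")}


def audit_login_config(xml_text, required_policies=("idp",)):
    """Return (policy name, finding) pairs; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    policies = {p.get("name"): p for p in root.iter("application-policy")}

    # A security domain with no application-policy of its own falls back to
    # "other" (UsersRolesLoginModule and its properties files), as the post notes.
    for name in required_policies:
        if name not in policies:
            findings.append((name, "no application-policy named %r: the domain falls back to \"other\"" % name))

    for name, policy in policies.items():
        for lm in policy.iter("login-module"):
            code = lm.get("code", "")
            opts = module_options(lm)
            if code.endswith("LdapLoginModule") or code.endswith("LdapExtLoginModule"):
                url = opts.get("java.naming.provider.url", "")
                auth = opts.get("java.naming.security.authentication", "simple")
                if urlsplit(url).scheme == "ldap" and auth == "simple":
                    findings.append((name, "simple bind over plain ldap://: user passwords cross the network in clear text; use ldaps:// or StartTLS"))
            if opts.get("debug", "false").lower() == "true":
                findings.append((name, "debug=true: the module logs authentication details; turn it off outside troubleshooting"))
    return findings
```

Run it against the real login-config.xml before a deployment goes live; the hardened copy should come back with an empty list, the posted one with two findings.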
-
6. Re: How to integrate Picketlink idp and database
gthomas Dec 21, 2011 3:57 AM (in response to kenhuangus)
Thank you for your response. Since I could not figure out the LDAP configuration, I have used a database as the identity store and ended up with a bunch of jbid_ tables. I hacked through some of the test cases from the source code and was able to populate the tables with a few test users. Does anyone know how to retrieve the user and role information from the jbid_ tables for the idp security domain?
Should I use JBossIdentityIDMLoginModule or the more generic DatabaseServerLoginModule?
<policy>
  <application-policy name="idp">
    <authentication>
      <!-- Option 1: the PicketLink IDM login module, which reads the jbid_ tables through the IDM API -->
      <login-module code="org.jboss.identity.idm.auth.JBossIdentityIDMLoginModule" flag="required">
        <module-option name="identitySessionFactoryJNDIName">java:/IdentitySessionFactory</module-option>
        <module-option name="realmName">realm://JBossIdentity</module-option>
        <module-option name="roleGroupTypeName">GROUP</module-option>
        <module-option name="additionalRole">Authenticated</module-option>
        <module-option name="userEnabledAttributeName"></module-option>
        <module-option name="associatedGroupType"></module-option>
        <module-option name="associatedGroupName"></module-option>
        <module-option name="validateUserNameCase"></module-option>
        <module-option name="userNameToLowerCase"></module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
<policy>
  <application-policy name="idp">
    <authentication>
      <!-- Option 2: the generic JDBC module; principalsQuery and rolesQuery still to be worked out -->
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">java:/MyDatabaseDS</module-option>
        <module-option name="principalsQuery">???????</module-option>
        <module-option name="rolesQuery">??????????????</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
-
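For the DatabaseServerLoginModule branch of the question, an added example (Python with sqlite3, not code from the thread or from JBoss) that emulates what the module does with principalsQuery and rolesQuery: both run as parameterised statements with the username bound to the single ?, the first must return the stored password, the second returns (role, role group) pairs of which only the "Roles" group becomes JAAS roles. The Principals/Roles tables and the hashAlgorithm=SHA-256, hashEncoding=base64 options follow the shape of the JBoss documentation's example schema; they are assumed here as a stand-in for the jbid_ tables, whose layout is different and is not reproduced. The rows are constructed sample data.

```python
import base64
import hashlib
import hmac
import sqlite3

# Module options as DatabaseServerLoginModule takes them (hashAlgorithm / hashEncoding);
# without hashAlgorithm the module compares the stored value to the plain password.
HASH_ALGORITHM = "SHA-256"
HASH_ENCODING = "base64"

# The queries the post leaves as "???", in the standard shape from the JBoss docs:
# principalsQuery returns the stored password, rolesQuery returns (role, role group).
# Table and column names are the docs' example schema (an assumption), not the jbid_ tables.
PRINCIPALS_QUERY = "select Password from Principals where PrincipalID=?"
ROLES_QUERY = "select Role, RoleGroup from Roles where PrincipalID=?"


def hash_password(password):
    """Hash the way the module does with hashAlgorithm=SHA-256 and hashEncoding=base64 (or hex)."""
    digest = hashlib.new(HASH_ALGORITHM.replace("-", "").lower(), password.encode("utf-8")).digest()
    if HASH_ENCODING == "base64":
        return base64.b64encode(digest).decode("ascii")
    return digest.hex()


def build_sample_db():
    """Constructed in-memory stand-in for the java:/MyDatabaseDS datasource."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table Principals (PrincipalID text primary key, Password text not null);
        create table Roles (PrincipalID text not null, Role text not null, RoleGroup text not null);
    """)
    conn.executemany("insert into Principals values (?, ?)",
                     [("alice", hash_password("correct horse")),
                      ("bob", hash_password("hunter2"))])
    # Only rows in the "Roles" group become JAAS roles; "CallerPrincipal" is the
    # other group the module understands (a single member renames the caller principal).
    conn.executemany("insert into Roles values (?, ?, ?)",
                     [("alice", "Authenticated", "Roles"),
                      ("alice", "admin", "Roles"),
                      ("alice", "alice@example.com", "CallerPrincipal"),
                      ("bob", "Authenticated", "Roles")])
    return conn


def login(conn, username, password):
    """Emulate the module's login(): parameterised password lookup, constant-time
    comparison of the hashed credential, then the role query. Returns (ok, roles)."""
    row = conn.execute(PRINCIPALS_QUERY, (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], hash_password(password)):
        return False, []
    roles = sorted(role for role, group in conn.execute(ROLES_QUERY, (username,))
                   if group == "Roles")
    return True, roles
```

Because the username is bound as a parameter rather than spliced into the SQL, a login name such as alice' or '1'='1 simply finds no principal; the same holds for the real module, which runs both queries as prepared statements, so the one thing still in your hands is to store hashes and set hashAlgorithm rather than leaving passwords in clear text.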
7. Re: How to integrate Picketlink idp and database
gthomas Dec 24, 2011 6:43 PM (in response to gthomas)
Finally got my idp configuration working using the following entry in login-config.xml.
<application-policy name="idp">
  <authentication>
    <!-- PicketLink IDM login module (org.picketlink package, not org.jboss.identity as in the earlier attempt) -->
    <login-module code="org.picketlink.idm.auth.JBossIdentityIDMLoginModule" flag="required">
      <!-- IdentitySessionFactory bound in JNDI by the IDM deployment; the realm must be the one the users were created in -->
      <module-option name="identitySessionFactoryJNDIName">java:/IdentitySessionFactory</module-option>
      <module-option name="realmName">realm://JBossIdentity</module-option>
      <!-- Groups of this IDM type become JAAS roles; additionalRole is granted to every authenticated user -->
      <module-option name="roleGroupTypeName">GROUP</module-option>
      <module-option name="additionalRole">Authenticated</module-option>
      <module-option name="transactionAware">true</module-option>
    </login-module>
  </authentication>
</application-policy>