2 Replies Latest reply: Mar 14, 2012 11:53 AM by karin k

    AS 7.1.1_final: available authentication types to secure the management interfaces

    karin k Newbie

      Hi

       

      At the moment I'm trying to find out the best way for us to secure the management interface(s).

       

      According to this documentation, https://docs.jboss.org/author/display/AS71/Securing+the+Management+Interfaces, the following authentication types are currently available:

       

      Authentication Mechanism    HTTP Interface    Native Interface
      LDAP                        HTTP BASIC        Not Supported¹
      Users                       HTTP DIGEST       SASL DIGEST
      Properties                  HTTP DIGEST       SASL DIGEST

       

      Looking at the jboss-as-config_1_1.xsd and at the source code, there seems to be another authentication type available -> jaas (class org.jboss.as.domain.management.security.JaasCallbackHandler).

      Is this authentication type really available for the HTTP interface and the native interface? (I just don't want to spend time trying it out when it is not really supported at the moment, and as it is not stated in the documentation mentioned above, I assume it is not supported at the moment.)

       

      Is there any way to exchange the authentication method for the http/native interface? E.g. for the http interface I would like to enable a custom built authenticator which just verifies a digitally signed header and sets the principal using this one. Studying the source (org.jboss.as.domain.http.server.ManagementHttpServer) I think it is not easily possible to modify that.

       

      Same question for the native interface: can we use, for example, certificate-based authentication there, or is SASL DIGEST really the only authentication method available at the moment (as stated in the documentation)?


      Thanks for your help

      Regards

      Karin