0 Replies Latest reply on Apr 25, 2014 7:21 AM by upendrasaikumar

    How to configure LDAP with JBoss Server which is also having Digest-based authentication or encoding?

    upendrasaikumar

      I have JBoss AS 6 Server installed and it was configured with an LDAP server.

       

      jboss-beans.xml

       

      <application-policy xmlns="urn:jboss:security-beans:1.0" name="ldapAuth">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="unauthenticatedIdentity">Upendra</module-option>
            <module-option name="java.naming.provider.url">ldap://<xyz>.com:389 ldap://<xyz>.com:389/</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="bindDN">CN=C360LDAP,OU=System Accounts,OU=Users and Groups,DC=corporate,DC=ltcg,DC=com</module-option>
            <module-option name="bindCredential">hlnYulDMZaK77Cxq4VvHY</module-option>
            <module-option name="jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=LdapPassword</module-option>
            <module-option name="baseCtxDN">dc=corporate,dc=xyz,dc=com</module-option>
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            <module-option name="rolesCtxDN">ou=Resources,ou=Users and Groups,dc=corporate,dc=xyz,dc=com</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleRecursion">1</module-option>
            <module-option name="searchScope">SUBTREE_SCOPE</module-option>
            <module-option name="searchTimeLimit">30000</module-option>
            <module-option name="defaultRole">HttpInvoker</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
            <module-option name="java.naming.referral">follow</module-option>
          </login-module>
        </authentication>
      </application-policy>

       

       

      JBOSS.xml

       

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.2//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_2.dtd">
      <jboss>
        <security-domain>java:/jaas/ldapAuth</security-domain>
        <enterprise-beans>
          <session>
            <ejb-name>com.eistream.sonora.webservices.WsSessionEJBEndPointHome</ejb-name>
            <jndi-name>com.eistream.sonora.webservices.WsSessionEJBEndPointHome</jndi-name>
            <port-component>
              <port-component-name>WsSessionEJBEndpoint</port-component-name>
              <auth-method>BASIC</auth-method>
            </port-component>
          </session>
        </enterprise-beans>
        <container-configurations>
          <container-configuration>
            <container-name>Standard BMP EntityBean</container-name>
            <commit-option>C</commit-option>
          </container-configuration>
        </container-configurations>
      </jboss>

       

      As you can see, the configuration is using the BASIC authentication method and the encoding mechanism is base64. I want to change this encoding to DIGEST or any other SECURE one other than BASIC.

      I have read several posts saying that it was not possible to have DIGEST-based authentication with LDAP, so I would request help to make this better; I need to use container-based authentication.

       

      Below is my web.xml file:

       

      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>

       

      Thanks in advance

      Upendra.S
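
Added example (not part of the original post and not JBoss code): a Python illustration of why BASIC fits a bind-based LDAP login module while DIGEST does not. BASIC is reversible base64, so the container recovers the cleartext password that LdapExtLoginModule uses to bind as the user; a DIGEST response (RFC 2617, MD5, qop=auth) is a one-way hash that the server can only check against a stored password or HA1. Function names and the sample credentials are constructed for illustration.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Authorization value a client sends for BASIC: base64, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def password_from_basic(header):
    """What the container recovers from BASIC: the cleartext pair it can
    pass to a login module that authenticates by binding to LDAP."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """Client side of DIGEST (RFC 2617, MD5, qop=auth)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def verify_digest(stored_ha1, method, uri, nonce, nc, cnonce, response):
    """Server side of DIGEST: needs HA1 (or the password) from its own store.
    The password never arrives, so there is nothing to bind to LDAP with."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    hdr = basic_header("jdoe", "s3cret")
    print("BASIC header:     ", hdr)
    print("container sees:   ", password_from_basic(hdr))
    resp = digest_response("jdoe", "ldapAuth", "s3cret", "POST",
                           "/ws/endpoint", "abc123", "00000001", "0a4f113b")
    print("DIGEST response:  ", resp)
    ha1 = md5_hex("jdoe:ldapAuth:s3cret")  # must already be stored server-side
    print("verified with HA1:", verify_digest(ha1, "POST", "/ws/endpoint",
                                              "abc123", "00000001", "0a4f113b", resp))
```

Because BASIC exposes the password to anyone who can read the request, the protection for it has to come from the transport (TLS) rather than from the encoding.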