How to configure LDAP With Jboss Server which is also having Digest Based Authentication or Encoding?
upendrasaikumar Apr 25, 2014 7:21 AM
I have JBoss AS 6 Server installed and it was configured with LDAP Server.
jboss-beans.xml
<application-policy xmlns="urn:jboss:security-beans:1.0" name="ldapAuth">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">Upendra</module-option>
      <module-option name="java.naming.provider.url">ldap://<xyz>.com:389 ldap://<xyz>.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">CN=C360LDAP,OU=System Accounts,OU=Users and Groups,DC=corporate,DC=ltcg,DC=com</module-option>
      <module-option name="bindCredential">hlnYulDMZaK77Cxq4VvHY</module-option>
      <module-option name="jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=LdapPassword</module-option>
      <module-option name="baseCtxDN">dc=corporate,dc=xyz,dc=com</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">ou=Resources,ou=Users and Groups,dc=corporate,dc=xyz,dc=com</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleRecursion">1</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="searchTimeLimit">30000</module-option>
      <module-option name="defaultRole">HttpInvoker</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="java.naming.referral">follow</module-option>
    </login-module>
  </authentication>
</application-policy>
JBOSS.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.2//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_2.dtd">
<jboss>
  <security-domain>java:/jaas/ldapAuth</security-domain>
  <enterprise-beans>
    <session>
      <ejb-name>com.eistream.sonora.webservices.WsSessionEJBEndPointHome</ejb-name>
      <jndi-name>com.eistream.sonora.webservices.WsSessionEJBEndPointHome</jndi-name>
      <port-component>
        <port-component-name>WsSessionEJBEndpoint</port-component-name>
        <auth-method>BASIC</auth-method>
      </port-component>
    </session>
  </enterprise-beans>
  <container-configurations>
    <container-configuration>
      <container-name>Standard BMP EntityBean</container-name>
      <commit-option>C</commit-option>
    </container-configuration>
  </container-configurations>
</jboss>
If you see, the configuration is using the BASIC authentication method and the encoding mechanism is base64. I want to change this encoding to DIGEST or any other SECURE one other than BASIC.
I have read several posts saying that it was not possible to have DIGEST-based authentication with LDAP, so I would request help to make this better, and I need to use container-based authentication.
Below is my web.xml file:
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
Thanks in advance
Upendra.S
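
Added example, not part of the original post and not JBoss code: a Python sketch of the two schemes in the question. It shows that a BASIC credential decodes straight back to the password, which is what a login module that checks passwords by binding to the directory needs, and that an RFC 2617 DIGEST check needs a stored H(A1) that an LDAP bind never gives the container. The user name, password, realm, URI and nonce are constructed sample values.

```python
import base64
import hashlib
import hmac

REALM = "ldapAuth"  # constructed realm name for this example


def basic_header(user, password):
    """Build the Authorization value a client sends for BASIC."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic(value):
    """Base64 is reversible: the container (and anyone reading a non-TLS
    connection) gets the clear-text password back."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, sep, password = base64.b64decode(token).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(user, realm, password):
    """RFC 2617 H(A1): what a DIGEST server must hold for each user."""
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def verify_digest(stored_ha1, method, uri, nonce, response):
    """stored_ha1 is None when the only check available is an LDAP bind:
    the directory never hands the password or H(A1) to the container."""
    if stored_ha1 is None:
        return False
    expected = digest_response(stored_ha1, method, uri, nonce)
    return hmac.compare_digest(expected, response)
```

With an LDAP bind behind the container, the usual way to protect BASIC or FORM credentials is TLS: a user-data-constraint with <transport-guarantee>CONFIDENTIAL</transport-guarantee> in web.xml, and an ldaps:// provider URL for the hop to the directory.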