1. Re: Picketlink IDP with LDAP Authentication
dmouch Sep 22, 2014 6:00 AM (in response to dmouch) I have finally managed to get this working with the following configuration:
<!-- Security domain "idp" for the PicketLink IDP, authenticating against Active Directory
     through AdvancedADLoginModule. Option values below are the poster's sample values
     (example.com, placeholder IP, placeholder password). -->
<security-domain name="idp" cache-type="default">
  <authentication>
    <login-module code="org.jboss.security.negotiation.AdvancedADLoginModule" flag="required">

      <!-- JNDI connection to the directory server. -->
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <!-- NOTE(review): ldap:// on 389 together with "simple" authentication presumably puts the
           bind password and each authenticating user's password on the wire unencrypted;
           ldaps:// (or StartTLS, if the module supports it) is the safer choice where the
           directory offers it. -->
      <module-option name="java.naming.provider.url" value="ldap://111.111.111.111:389"/>
      <module-option name="java.naming.security.authentication" value="simple"/>

      <!-- Service account used for the user/role searches.
           NOTE(review): this is the directory's administrator account and its credential is
           stored in cleartext in standalone.xml; a dedicated read-only search account and a
           vaulted credential would reduce the impact of a leaked configuration file. -->
      <module-option name="bindDN" value="cn=administrator,cn=users,dc=example,dc=com"/>
      <module-option name="bindCredential" value="somepass"/>

      <!-- User lookup: search the Users container (and subtrees) for the supplied login name,
           which replaces {0} in the filter. -->
      <module-option name="baseCtxDN" value="CN=Users,DC=example,DC=com"/>
      <module-option name="baseFilter" value="(sAMAccountName={0})"/>
      <module-option name="searchScope" value="SUBTREE_SCOPE"/>

      <!-- Reject empty passwords (some directories treat an empty simple bind as anonymous
           and would otherwise "succeed") and surface validation failures instead of
           swallowing them. -->
      <module-option name="allowEmptyPasswords" value="false"/>
      <module-option name="throwValidateError" value="true"/>

      <!-- Role lookup: find the same user entry again, read its memberOf attribute as a list
           of group DNs, and use each group's cn as the role name. roleRecursion="1" looks like
           it follows nested group membership one level deep; confirm against the module docs. -->
      <module-option name="rolesCtxDN" value="CN=Users,DC=example,DC=com"/>
      <module-option name="roleFilter" value="(sAMAccountName={0})"/>
      <module-option name="roleAttributeID" value="memberOf"/>
      <module-option name="roleAttributeIsDN" value="true"/>
      <module-option name="roleNameAttributeID" value="cn"/>
      <module-option name="roleRecursion" value="1"/>

    </login-module>
  </authentication>
</security-domain>
I also managed to get useful logs by adding:
<logger category="org.jboss.security"> <level name="TRACE"/> </logger> in the appropriate section of standalone.xml, which was very helpful (TRACE output from this category is verbose and may include sensitive values, so it is best turned back down once debugging is done).