1 Reply Latest reply on Jul 28, 2015 8:19 AM by sandfurz

    Need help: Jboss EAP 6.4/7.5 access with Fat EJB3 Client using LDAP

    sandfurz

      Hi,

       

      I'm using Jboss EAP 6.4 and I want to access the server via a Java Swing Client which connects to the EJB3 on the server.

      So far I'm able to connect when the users are stored locally in application-users.properties etc. via the standard ApplicationRealm:

       

      <security-realm name="ApplicationRealm">
          <authentication>
              <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
              <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
          </authentication>
          <authorization>
              <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
          </authorization>
      </security-realm>

       

      [..]

      <subsystem xmlns="urn:jboss:domain:remoting:1.2">
          <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
      </subsystem>

       

      The client uses the jboss-ejb-client.properties and the user and password is set there:

      remote.connection.default.username=myuser
      remote.connection.default.password=mypassword

      Now I want to connect the JBoss to a LDAP server and the Client should authenticate against the users in that LDAP.

       

      I created a new security-realm:

       

      <security-realm name="LdapSecurityrealm">
          <server-identities>
              <ssl protocol="TLSv1">
                  <keystore path="admin.jks" relative-to="jboss.server.config.dir" keystore-password="pass" alias="alias"/>
              </ssl>
          </server-identities>
          <authentication>
              <ldap connection="ldap_connection" base-dn="ou=people,dc=company,dc=eu">
                  <username-filter attribute="uid"/>
              </ldap>
          </authentication>
          <authorization>
              <ldap connection="ldap_connection">
                  <group-search group-name="SIMPLE" group-name-attribute="cn">
                      <group-to-principal search-by="DISTINGUISHED_NAME" base-dn="ou=groups,dc=company,dc=eu" recursive="true">
                          <membership-filter principal-attribute="uniqueMember"/>
                      </group-to-principal>
                  </group-search>
              </ldap>
          </authorization>
      </security-realm>

      <outbound-connections>
          <ldap name="ldap_connection" url="ldaps://ldap.company.eu:636" search-dn="uid=user,ou=people,dc=company,dc=eu" search-credential="secret"/>
      </outbound-connections>

      I changed the remoting subsystem:

       

      <subsystem xmlns="urn:jboss:domain:remoting:1.2">
          <connector name="remoting-connector" socket-binding="remoting" security-realm="LdapSecurityrealm"/>
      </subsystem>

       

      And I expected this should work similarly when providing the user/password via the jboss-ejb-client.properties file.

      But it's not working.

      Do I need an additional security-domain, or what is missing here?

       

      I hope you can help me.

       

      Many thanks

       

      kr

      Mark

       

      Message was edited by: M P

      OK, found the solution. In this case, the connection between Client and JBoss has to be SSL.

      jboss-ejb-clientSSL.properties:

      endpoint.name=client-endpoint
      remote.connections=default
      remote.connection.default.host=host
      remote.connection.default.port=4447
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
      remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
      remote.connection.default.username=user
      remote.connection.default.password=pass
      remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS=true
      remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=true
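As an added example (not part of the post and not JBoss code), a small Python checker that parses a jboss-ejb-client.properties file like the one above and flags the two settings that matter for this LDAP setup: plaintext SASL (the LDAP password sent via PLAIN) is only acceptable when SSL_ENABLED and SSL_STARTTLS are both on, and JBOSS-LOCAL-USER must be disallowed so a client on the server host cannot fall back to the $local user and skip the LDAP realm. The sample properties are constructed from the post; treating remote.connections as comma- or space-separated is an assumption.

```python
import re
from typing import Dict, List

# Constructed sample, mirroring the working jboss-ejb-clientSSL.properties from the post.
SAMPLE_PROPERTIES = """\
endpoint.name=client-endpoint
remote.connections=default
remote.connection.default.host=host
remote.connection.default.port=4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT=false
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
remote.connection.default.username=user
remote.connection.default.password=pass
remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS=true
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=true
"""

XNIO = "connect.options.org.xnio.Options."
SSL_ENABLED_KEY = "remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED"

def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: key=value pairs, '#'/'!' comments, blank lines."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit_connection(props: Dict[str, str], name: str) -> List[str]:
    """Findings for one remote connection; an empty list means the policy holds."""
    findings: List[str] = []
    opt = lambda o: props.get(f"remote.connection.{name}.{XNIO}{o}", "").lower()
    encrypted = props.get(SSL_ENABLED_KEY, "").lower() == "true" and opt("SSL_STARTTLS") == "true"
    # PLAIN carries the LDAP password verbatim, so it is only acceptable inside TLS.
    if opt("SASL_POLICY_NOPLAINTEXT") == "false" and not encrypted:
        findings.append(f"{name}: plaintext SASL allowed but SSL_ENABLED and SSL_STARTTLS are not both true")
    # JBOSS-LOCAL-USER would let a same-host client log in as $local and bypass the LDAP realm.
    disallowed = set(re.split(r"[,\s]+", opt("SASL_DISALLOWED_MECHANISMS").upper()))
    if "JBOSS-LOCAL-USER" not in disallowed:
        findings.append(f"{name}: JBOSS-LOCAL-USER not disallowed; a local client would skip LDAP")
    return findings

def audit(text: str) -> List[str]:
    # Assumption: remote.connections lists connection names separated by commas or spaces.
    props = parse_properties(text)
    names = [n for n in re.split(r"[,\s]+", props.get("remote.connections", "")) if n]
    return [f for name in names for f in audit_connection(props, name)]
```

Running audit(SAMPLE_PROPERTIES) returns no findings; flipping SSL_ENABLED to false or dropping JBOSS-LOCAL-USER from the disallowed list produces one finding each.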