10 Replies Latest reply on Oct 5, 2015 8:07 PM by jhansen20

    LDAP setup in Wildfly 9

    jhansen20

      Hi,

      I am trying to get LDAP working for Basic Auth in Wildfly 9, but am not having much success. Hoping that someone can give suggestions for what I am doing incorrectly.

       

      My setup is as follows:

      In my standalone.xml:

                  <security-realm name="myHTTPSRealm">
                      <server-identities>
                          <ssl>
                              <keystore path="my-plugin-key.jks" relative-to="jboss.server.config.dir" keystore-password="xxxx"/>
                          </ssl>
                      </server-identities>
                      <authentication>
                          <ldap connection="LocalLdap" base-dn="ou=basicauth,ou=users,ou=axis,o=abc,c=au">
                              <username-filter attribute="cn"/>
                          </ldap>
                      </authentication>
                  </security-realm>

              <outbound-connections>
                  <ldap name="LocalLdap" url="ldap://localhost:10389" search-dn="uid=admin,ou=system" search-credential="xxxx"/>
              </outbound-connections>

       

       

      In the security subsystem I have created:

                      <security-domain name="myHTTPSRealm" cache-type="default">
                          <authentication>
                              <login-module code="LdapExtended" flag="required">
                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                                  <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
                                  <module-option name="java.naming.security.authentication" value="simple"/>
                                  <module-option name="bindDN" value="uid=admin,ou=system"/>
                                  <module-option name="bindCredential" value="xxxx"/>
                                  <module-option name="baseCtxDN" value="ou=basicauth,ou=users,ou=axis,o=abc,c=au"/>
                                  <module-option name="baseFilter" value="(uid={0})"/>
                                  <module-option name="rolesCtxDN" value="ou=basicauth,ou=users,ou=axis,o=abc,c=au"/>
                                  <module-option name="roleFilter" value="(member={1})"/>
                                  <module-option name="roleAttributeID" value="cn"/>
                                  <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                                  <module-option name="allowEmptyPasswords" value="true"/>
                              </login-module>
                          </authentication>
                      </security-domain>

       

      And in the Undertow subsystem:

              <subsystem xmlns="urn:jboss:domain:undertow:2.0">
                  <buffer-cache name="default"/>
                  <server name="default-server">
                      <http-listener name="default" socket-binding="http"/>
                      <https-listener name="https" socket-binding="https" security-realm="myHTTPSRealm"/>

       

      In my web.xml:

            <login-config>
               <auth-method>BASIC</auth-method>
               <realm-name>axisHTTPSRealm</realm-name>
            </login-config>

      And in my jboss-web.xml:

          <security-domain>java:/jaas/axisHTTPSRealm</security-domain>

       

       

      Not sure if I have done all that is necessary or more than I should have. I have spent a lot of time fiddling around with the standalone.xml using the various tutorials/forums etc that I have come across.

       

      The problem is that I am continually getting a 401 returned to my HTTP client.

      I know that the LDAP server connection is correct, as I am using LDAP to authenticate the Management console logon, and this is working ok.

       

      The security realm I have set up for that is:

                  <security-realm name="ManagementRealm">
                      <authentication>
                          <local default-user="$local"/>
                          <ldap connection="LocalLdap" base-dn="ou=system,ou=users,ou=axis,o=abc,c=au">
                              <username-filter attribute="cn"/>
                          </ldap>
                      </authentication>
                  </security-realm>

       

      I have also triple checked that the username password I am using to connect to my web app is correct as per LDAP entry.

       

      My LDAP setup is that under "users" I have a "system" group which contains userids for the management console login, and a "basicauth" group which contains userids for the HTTP connection, hence the different base-dn for ManagementRealm vs myHTTPSRealm.

       

      I should also mention that I am using an HTTP server to serve my request down to the app server that has Wildfly installed. The request is being served to the correct port as specified in

              <socket-binding name="https" port="${jboss.https.port:9081}"/>

       

      I have also double checked that the request is being received on this port by installing a port listener to verify there is traffic on this port when I send in the HTTP request.

       

      Would appreciate any suggestions for getting this working.

      ta

      Julie

        • 1. Re: LDAP setup in Wildfly 9
          mdelson

          Have you tried replacing axisHTTPSRealm with myHTTPSRealm in web.xml & jboss-web.xml?

           

          Anything in server.log?

          • 2. Re: LDAP setup in Wildfly 9
            jhansen20

            Yes - my mistake when I posted. I changed some values but not the others for the post.

            All places have the same realm name.

             

            I have switched debug logging on and get the following log entries:

            2015-09-29 07:46:51,696 DEBUG [org.jboss.security] (default task-1) PBOX00269: Failed to parse roleRecursion as number, using default value 0
            2015-09-29 07:46:51,716 DEBUG [org.jboss.security] (default task-1) PBOX00283: Bad password for username B2BTESTSENDER9
            2015-09-29 07:46:51,716 DEBUG [org.jboss.security] (default task-1) PBOX00206: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required
            at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286) [picketbox-4.9.2.Final.jar:4.9.2.Final]
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
            at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79]
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79]
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79]
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79]
            at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
            at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79]
            at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79]

             

            I know the username and password I am using are correct, as I switched the management realm to use ou=basicauth,ou=users,ou=axis,o=abc,c=au and then used the same username and password to log into the management console, and it logged in ok.

             

            I am also sure that the HTTP server is passing through the correct username and password. The same HTTP server passes this info through to another server on which the JBoss6 version of our apps are installed, and this all works ok.

            (I basically have the HTTP server set up to pass requests to /request/inbound/ to the old JBoss server, and requests to /request/new/inbound/ to the new Wildfly server. I use exactly the same HTTP request with the same basic auth username and password to post to the different URLs. The old JBoss server works fine, so I know it's getting the username and password ok.)

             

            So I'm not sure what else can be causing the issue.

             

            Thanks,

            Julie

            • 3. Re: LDAP setup in Wildfly 9
              vcornejo

              Julie,

              I think the LDAP module isn't active.

              Please change your login module declaration to this:

              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >

              If this fails, post the entire stacktrace.

               

              Víctor

              • 4. Re: LDAP setup in Wildfly 9
                jhansen20

                Hi Victor.

                Thanks for providing feedback for me.

                I think you are correct.

                I have changed the config as suggested and here is the stacktrace.

                I note that it looks like JAAS is being used instead of LDAP.

                 

                2015-09-29 12:01:24,658 DEBUG [org.jboss.security] (default task-1) PBOX00269: Failed to parse roleRecursion as number, using default value 0
                2015-09-29 12:01:24,679 DEBUG [org.jboss.security] (default task-1) PBOX00283: Bad password for username B2BTESTSENDER9
                2015-09-29 12:01:24,679 DEBUG [org.jboss.security] (default task-1) PBOX00206: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required
                at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286) [picketbox-4.9.2.Final.jar:4.9.2.Final]
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
                at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
                at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79]
                at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79]
                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79]
                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79]
                at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
                at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79]
                at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79]
                at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
                at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:82)
                at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:118) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:339) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:356) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:325) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:138) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:113) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:106) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_79]
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_79]
                at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]

                 

                Julie

                • 5. Re: LDAP setup in Wildfly 9
                  mdelson

                  Try changing <username-filter attribute="cn"/> to <username-filter attribute="sAMAccountName" />

                  • 6. Re: LDAP setup in Wildfly 9
                    jhansen20

                    Thanks Michael.

                    Tried this. Same result :-(

                    • 7. Re: LDAP setup in Wildfly 9
                      jhansen20

                      Based on the many articles I have read on this today, I have updated my config as follows:

                       

                      Apart from the existing ManagementRealm and ApplicationRealm, I have 1 other configured:

                                  <security-realm name="axisHTTPSRealm">
                                      <server-identities>
                                          <ssl>
                                              <keystore path="plugin-key.jks" relative-to="jboss.server.config.dir" keystore-password="xxx"/>
                                          </ssl>
                                      </server-identities>
                                  </security-realm>

                       

                      I have not specified any LDAP authentication here. My understanding is that the security realm is more relevant to the server than to the web application.

                      My web.xml contains:

                            <security-constraint>
                               <web-resource-collection>.... </web-resource-collection>
                               <auth-constraint>
                                  <role-name>*</role-name>
                               </auth-constraint>
                            </security-constraint>
                            <login-config>
                               <auth-method>BASIC</auth-method>
                               <realm-name>axisHTTPSRealm</realm-name>
                            </login-config>

                       

                       

                      I have then created the following security domain:

                                      <security-domain name="myHTTPSDomain" cache-type="default">
                                          <authentication>
                                              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                                                  <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
                                                  <module-option name="bindDN" value="uid=admin,ou=system"/>
                                                  <module-option name="bindCredential" value="xxxx"/>
                                                  <module-option name="baseCtxDN" value="ou=basicauth,ou=users,ou=axis,o=ventyx,c=au"/>
                                                  <module-option name="baseFilter" value="(uid={0})"/>
                                                  <module-option name="rolesCtxDN" value="ou=basicauth,ou=users,ou=axis,o=ventyx,c=au"/>
                                                  <module-option name="roleFilter" value="(uid={0})"/>
                                                  <module-option name="roleAttributeID" value="cn"/>
                                                  <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                                                  <module-option name="allowEmptyPasswords" value="true"/>
                                              </login-module>
                                          </authentication>
                                      </security-domain>

                       

                      Note that we do not use roles in our LDAP setup; however, I have read that if the roles-related module-options are not specified, LdapExtLoginModule will search for roles anyway using null values, which results in the authentication failing. I read somewhere else that the rolesCtxDN should be the same as the baseCtxDN in this situation. I have no idea if this is true.

                      PS. I have also tried <module-option name="roleFilter" value="(member={1})"/> with exactly the same result.

                       

                      I have added this security domain into my jboss-web.xml:

                      <security-domain>myHTTPSDomain</security-domain>

                       

                      I have also turned on org.jboss.security logging to trace level and am getting the following output:


                      2015-09-29 20:29:45,581 TRACE [org.jboss.security] (default task-2) PBOX00200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@905313f, cache entry: null
                      2015-09-29 20:29:45,581 TRACE [org.jboss.security] (default task-2) PBOX00209: defaultLogin, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@905313f
                      2015-09-29 20:29:45,581 TRACE [org.jboss.security] (default task-2) PBOX00221: Begin getAppConfigurationEntry(myHTTPSDomain), size: 4
                      2015-09-29 20:29:45,581 TRACE [org.jboss.security] (default task-2) PBOX00224: End getAppConfigurationEntry(myHTTPSDomain), AuthInfo: AppConfigurationEntry[]:
                      [0]
                      LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule
                      ControlFlag: LoginModuleControlFlag: required
                      Options:
                      name=baseFilter, value=(uid={0})
                      name=allowEmptyPasswords, value=true
                      name=roleFilter, value=(uid={0})
                      name=bindCredential, value=****
                      name=bindDN, value=uid=admin,ou=system
                      name=java.naming.provider.url, value=ldap://localhost:10389
                      name=rolesCtxDN, value=ou=basicauth,ou=users,ou=axis,o=ventyx,c=au
                      name=baseCtxDN, value=ou=basicauth,ou=users,ou=axis,o=ventyx,c=au
                      name=searchScope, value=SUBTREE_SCOPE
                      name=roleAttributeID, value=cn

                      2015-09-29 20:29:45,582 TRACE [org.jboss.security] (default task-2) PBOX00236: Begin initialize method
                      2015-09-29 20:29:45,582 TRACE [org.jboss.security] (default task-2) PBOX00240: Begin login method
                      2015-09-29 20:29:45,582 DEBUG [org.jboss.security] (default task-2) PBOX00269: Failed to parse roleRecursion as number, using default value 0
                      2015-09-29 20:29:45,582 TRACE [org.jboss.security] (default task-2) PBOX00220: Logging into LDAP server with env {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=SUBTREE_SCOPE, java.naming.security.principal=uid=admin,ou=system, baseCtxDN=ou=basicauth,ou=users,ou=axis,o=ventyx,c=au, roleAttributeID=cn, roleFilter=(uid={0}), allowEmptyPasswords=true, rolesCtxDN=ou=basicauth,ou=users,ou=axis,o=ventyx,c=au, baseFilter=(uid={0}), jboss.security.security_domain=myHTTPSDomain, java.naming.provider.url=ldap://localhost:10389, bindDN=uid=admin,ou=system, bindCredential=******, java.naming.security.authentication=simple, java.naming.security.credentials=******}
                      2015-09-29 20:29:45,590 DEBUG [org.jboss.security] (default task-2) PBOX00283: Bad password for username B2BTESTSENDER9
                      2015-09-29 20:29:45,590 TRACE [org.jboss.security] (default task-2) PBOX00244: Begin abort method, overall result: false
                      2015-09-29 20:29:45,590 DEBUG [org.jboss.security] (default task-2) PBOX00206: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required
                      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286) [picketbox-4.9.2.Final.jar:4.9.2.Final]
                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_79]
                      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_79]
                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_79]
                      at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_79]
                      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_79]
                      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_79]
                      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_79]
                      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_79]
                      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_79]
                      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_79]
                      at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_79]
                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.9.2.Final.jar:4.9.2.Final]
                      at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
                      at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:82)
                      at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:118) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:339) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:356) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:325) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:138) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:113) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:106) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
                      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172) [undertow-servlet-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774) [undertow-core-1.2.9.Final.jar:1.2.9.Final]
                      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_79]
                      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_79]
                      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]

                      2015-09-29 20:29:45,601 TRACE [org.jboss.security] (default task-2) PBOX00201: End isValid, result = false
                      2015-09-29 20:29:45,602 TRACE [org.jboss.security] (default task-2) PBOX00354: Setting security roles ThreadLocal: null


                      My main concerns at the moment are:

                      a) Have I set up all that is theoretically required to get this working?

                      b) Since the roles-related module-options are so vital to the org.jboss.security.auth.spi.LdapExtLoginModule, are the values I have set in those options correct? Like I said, we don't use roles; I merely need to check whether the username and passwords are valid. But my understanding is that I need to specify something meaningful in these options, I'm just not sure what.


                      It seems from the log that it is connecting to LDAP, but I can't see any tracing from org.jboss.security.auth.spi.LdapExtLoginModule.


                      Any hints or tips welcome.

                      Thanks

                      Julie

                      • 8. Re: LDAP setup in Wildfly 9
                        vcornejo

                        The problem may be in your LDAP params. To see more log detail, try setting the throwValidateError option in the login-module definition:

                        <module-option name="throwValidateError" value="true" />


                        Víctor.

                        • 9. Re: LDAP setup in Wildfly 9
                          mchoma

                          If you don't need roles you can try LdapLoginModule - it is simpler. Are you sure the user uid=B2BTESTSENDER9,ou=basicauth,ou=users,ou=axis,o=ventyx,c=au exists? Can you log in as B2BTESTSENDER9 with Apache Directory Studio, for example?

                          • 10. Re: LDAP setup in Wildfly 9
                            jhansen20

                            Thanks for all the suggestions to get this working.

                            I eventually got it running by doing the following.


                            1. Fixed my LDAP properties.

                            I had the baseFilter set to "(uid={0})" when I should have had it set to "(cn={0})" for our setup.


                            2. I stuck with the LdapExtLoginModule as I found that using LdapLoginModule still didn't work. (This may have just been that I didn't have the properties set properly, but I got the LdapExtLoginModule working, so I admittedly didn't put too much effort into investigating what LdapLoginModule properties I needed.)

                            I updated the 'roles' related options to :

                                                        <module-option name="rolesCtxDN" value="ou=roles,ou=axis,o=ventyx,c=au"/>
                                                        <module-option name="roleFilter" value="(member={1})"/>


                            3. The clincher though, was that I needed to add the following into my web.xml :

                                  <security-role>
                                        <role-name>*</role-name>
                                  </security-role>


                            The above changes got me into the servlet. However, I was then getting invalid username/password when calling the EJB from the servlet. I fixed this issue by updating the default-security-domain in the ejb subsection of standalone.xml to be the security domain that I had created (myHTTPSDomain).


                            Thanks again for all suggestions and pointers.

                            Julie

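Pulling replies 8 to 10 together, the following is an added example of the three pieces of configuration the thread ends up touching, written by the editor rather than taken from Julie's posted files: the PicketBox security domain in standalone.xml with the corrected baseFilter and the roles options, the ejb3 default-security-domain, and the web.xml constraint that needs the `*` security-role. The bind account uid=admin,ou=system, the security-domain and realm names, the url-pattern and the roleAttributeID are assumptions; the DNs are the ones that appear in the thread.

```xml
<!-- standalone.xml, security subsystem: the login module the thread settled on -->
<security-domain name="myHTTPSDomain" cache-type="default">
    <authentication>
        <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <!-- search account (assumed name): use a read-only account, and keep the
                 credential out of plain text with the WildFly vault in production -->
            <module-option name="bindDN" value="uid=admin,ou=system"/>
            <module-option name="bindCredential" value="xxxx"/>
            <!-- where users live and how the login name maps to an entry:
                 {0} is the login name, and this directory keys users on cn, not uid -->
            <module-option name="baseCtxDN" value="ou=basicauth,ou=users,ou=axis,o=ventyx,c=au"/>
            <module-option name="baseFilter" value="(cn={0})"/>
            <module-option name="searchScope" value="SUBTREE_SCOPE"/>
            <!-- roles: {1} is the authenticated user's full DN, so group entries must
                 list members by DN; {0} would substitute the bare login name instead -->
            <module-option name="rolesCtxDN" value="ou=roles,ou=axis,o=ventyx,c=au"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="cn"/>
            <!-- surface the LDAP failure reason instead of a bare "isValid = false" (reply 8) -->
            <module-option name="throwValidateError" value="true"/>
            <!-- an empty password must fail, not turn into an anonymous bind -->
            <module-option name="allowEmptyPasswords" value="false"/>
        </login-module>
    </authentication>
</security-domain>

<!-- standalone.xml, ejb3 subsystem: EJB calls made from the servlet are
     checked against the same domain (the last fix in reply 10) -->
<subsystem xmlns="urn:jboss:domain:ejb3:3.0">
    <!-- other ejb3 settings unchanged -->
    <default-security-domain value="myHTTPSDomain"/>
</subsystem>

<!-- WEB-INF/jboss-web.xml: bind the deployment to the domain -->
<jboss-web>
    <security-domain>myHTTPSDomain</security-domain>
</jboss-web>

<!-- WEB-INF/web.xml: BASIC auth on the protected path (url-pattern assumed) -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>protected</web-resource-name>
        <url-pattern>/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <!-- BASIC sends the password base64-encoded, not encrypted: require TLS -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myHTTPSRealm</realm-name>
</login-config>
<!-- in the servlet spec "*" in auth-constraint means "every role declared in a
     security-role element"; with no roles declared it matches nothing, which is
     why step 3 of reply 10 was the clincher -->
<security-role>
    <role-name>*</role-name>
</security-role>
```

Two checks worth doing before blaming the module options: bind to the directory as the search account with a plain ldapsearch using the same baseCtxDN and `(cn=<user>)` filter to confirm exactly one entry comes back, and then bind as that entry's DN with the user's password. If either step fails outside WildFly, no combination of roles options will make the login module succeed, and with throwValidateError set the server log will show which of the two steps it was.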