1. Re: Wildfly integration with Enterprise Password Vault-from CyberArk
rareddy Mar 30, 2016 6:02 PM (in response to jayeshgarg)
Jayesh,
Yes, it is possible. But for it to work you need to develop a custom security domain module (a JAAS security module) and write interfaces into CyberArk to fetch the password, based on the logged-in user's credentials or something else. Do you know if CyberArk has any JDBC or REST-based interfaces to extract the password from its vault?
There are a few moving pieces to solve this; it is definitely an advanced topic. Since CyberArk is not an open source project, we are not going to provide such support in the community product.
1) Take a look at the code of one of our login modules, like teiid/SimpleLoginModule.java at master · rareddy/teiid · GitHub, and develop a login module for CyberArk.
2) Deploy the above login module in WildFly.
3) Then configure the security-domain using the above login-module in the standalone-teiid.xml file. See the "security-domain" subsystem there.
4) Configure the LDAP resource adapter to use the above security domain. See the example here: Data Source Security | Teiid Documentation. See the fragment:

    <security>
        <security-domain>my-security-domain</security-domain>
    </security>

Then restart the server. If you created the Subject correctly with the right credentials (PasswordCredential), then the LDAP resource-adapter will pick it up from the context and use that as the password.
HTH
Ramesh..
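
One way to write the login module from steps 1 to 3, added here as an example and not taken from the post, Teiid or CyberArk. The `VaultClient` interface and the `account` and `vaultClientClass` module options are hypothetical names, and the code assumes the resource adapter reads the `PasswordCredential` from the Subject's private credentials, as the reply describes.

```java
import java.util.Arrays;
import java.util.Map;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Added example: JAAS module that places a vault-held password on the Subject. */
public class VaultLoginModule implements LoginModule {
    /** Hypothetical seam: implement it against whatever interface the vault exposes. */
    public interface VaultClient { char[] fetchPassword(String account) throws Exception; }
    private Subject subject;
    private String account, clientClass;
    private char[] secret;
    private PasswordCredential credential;

    @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        account = (String) opts.get("account");              // hypothetical module-option
        clientClass = (String) opts.get("vaultClientClass"); // hypothetical module-option
    }

    @Override public boolean login() throws LoginException {
        if (account == null || clientClass == null) throw new LoginException("vault options missing");
        try {
            VaultClient vault = (VaultClient) Class.forName(clientClass).getDeclaredConstructor().newInstance();
            secret = vault.fetchPassword(account);
        } catch (Exception e) { // fail closed; keep vault responses out of the message
            throw new LoginException("vault lookup failed for account " + account);
        }
        if (secret == null || secret.length == 0) throw new LoginException("vault returned no password");
        return true;
    }

    @Override public boolean commit() {
        if (secret == null) return false;
        credential = new PasswordCredential(account, secret);
        subject.getPrivateCredentials().add(credential); // private set, never the public one
        return true;
    }

    @Override public boolean abort() { boolean had = secret != null; logout(); return had; }
    @Override public boolean logout() {
        if (credential != null) subject.getPrivateCredentials().remove(credential);
        if (secret != null) Arrays.fill(secret, '\0'); // wipe this module's copy of the password
        secret = null;
        credential = null;
        return true;
    }
}
```

The class named in `vaultClientClass` has to be visible to the login module's class loader, for example by packaging it in the same module as `VaultLoginModule`.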