Container Authentication with JBoss 6.4
edabxv Jun 28, 2017 12:26 PM
Hi,
I have an application that implements container authentication with LDAP and works fine in Tomcat, but I can't make it work in JBoss.
Tomcat setup:
server.xml
.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionName="xxxxxxx"
       connectionPassword="yyyyyy"
       connectionURL="ldap://zzzzz.com:389"
       alternateURL="ldap://zzzzz.com:389"
       userBase="DC=zzz,DC=com"
       userSubtree="true"
       referrals="follow"
       userSearch="(sAMAccountName={0})"
       roleBase="dc=zzz,dc=com"
       roleName="sAMAccountName"
       roleSearch="(member={0})"
       roleSubtree="true"/>
application web.xml
.
<security-constraint>
  <display-name>Security</display-name>
  <web-resource-collection>
    <web-resource-name>Entry Point</web-resource-name>
    <url-pattern>/acegi/authentication_target_dummy.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Product Support</role-name>
    <role-name>Generic Support</role-name>
  </auth-constraint>
</security-constraint>
.
.
<security-role>
  <role-name>Product Support</role-name>
  <role-name>Generic Support</role-name>
</security-role>
.
JBoss setup
standalone.xml:
.
<security-domain name="ad_security_domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="password-stacking" value="useFirstPass"/>
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <module-option name="java.naming.provider.url" value="ldap://zzzzzzz:389"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <module-option name="bindDN" value="xxxxxxxxx"/>
      <module-option name="bindCredential" value="yyyyyyyyyyy"/>
      <module-option name="baseCtxDN" value="dc=zzz,dc=com"/>
      <module-option name="baseFilter" value="(sAMAccountName={0})"/>
      <module-option name="rolesCtxDN" value="dc=zzz,dc=com"/>
      <module-option name="roleFilter" value="(member={0})"/>
      <module-option name="roleAttributeID" value="cn"/>
      <module-option name="throwValidateError" value="true"/>
      <module-option name="java.naming.referral" value="follow"/>
      <module-option name="searchScope" value="SUBTREE_SCOPE"/>
      <module-option name="unauthenticatedIdentity" value="unauthenticated"/>
      <module-option name="allowEmptyPasswords" value="false"/>
    </login-module>
  </authentication>
</security-domain>
.
jboss-web.xml:
<?xml version="1.0"?>
<jboss-web>
  <security-domain>ad_security_domain</security-domain>
</jboss-web>
The application web.xml is the same.
In the JBoss log I am getting:
.
JBWEB001038: Security role name Product Support used in an <auth-constraint> without being defined in a <security-role>
.
What is missing?
Any help is appreciated.
Thanks
Bar
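
The JBWEB001038 message is about how roles named in an `<auth-constraint>` map to `<security-role>` declarations. As an added example (not part of the original post and not JBoss code), this Python check lists roles that are used but never declared and flags any `<security-role>` holding more than one `<role-name>`, which the Servlet deployment descriptor schema limits to exactly one. The function names and the `<web-app>` wrapper around the posted fragments are assumptions.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Drop any "{namespace}" prefix so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def _role_names(elem):
    return [c.text.strip() for c in elem if _local(c.tag) == "role-name" and c.text]

def check_roles(web_xml_text):
    """Return (undeclared, overloaded) for a web.xml document.

    undeclared: roles used in <auth-constraint> but named in no <security-role>.
    overloaded: role lists of <security-role> elements with several <role-name>s.
    """
    used, declared, overloaded = set(), set(), []
    for elem in ET.fromstring(web_xml_text).iter():
        if _local(elem.tag) == "auth-constraint":
            used.update(_role_names(elem))
        elif _local(elem.tag) == "security-role":
            roles = _role_names(elem)
            declared.update(roles)
            if len(roles) > 1:
                overloaded.append(roles)
    # "*" in an auth-constraint means "any declared role", so it needs no declaration.
    return sorted(used - declared - {"*"}), overloaded

# Constructed sample: the web.xml fragments from the post inside a <web-app> root.
POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entry Point</web-resource-name>
      <url-pattern>/acegi/authentication_target_dummy.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Product Support</role-name>
      <role-name>Generic Support</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>Product Support</role-name>
    <role-name>Generic Support</role-name>
  </security-role>
</web-app>"""

if __name__ == "__main__":
    undeclared, overloaded = check_roles(POSTED)
    print("undeclared roles:", undeclared)
    print("security-role elements with more than one role-name:", overloaded)
```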