2 Replies Latest reply on Jul 3, 2017 10:20 PM by emag

Wildfly Swarm security domain configuration

cartess Jul 3, 2017 11:24 AM

Hi guys,

We are trying to migrate a project from Wildfly 10 to Wildfly Swarm 2017.6, and we have a reached a stumbling block porting the security-domain. Our security domain is configured as follows:

<security-domain name="sec-id">

<authentication-jaspi>

<login-module-stack name="sec-id-module-stack">

<login-module code="com.obbi.domain.security.loginmodule.jwt.JWTLoginModule" flag="sufficient" module="com.obbi.domain.security">

<module-option name="expectedIssuer" value="CN=DI SIT signer"/>

<module-option name="expectedAudience" value="Obbi"/>

<module-option name="allowedClockSkewInSeconds" value="30"/>

<module-option name="validateTokenSignature" value="false"/>

<module-option name="maxFutureValidityInMinutes" value="525600"/>

<module-option name="keyStoreFilePath" value="C:/wildfly-10.1.0.Final/standalone/configuration/keystore.jks"/>

<module-option name="keyStorePassword" value="obbi123"/>

<module-option name="validateCertificate" value="false"/>

<module-option name="loadSystemPrincipals" value="true"/>

<module-option name="loadSystemPrincipalsEndpoint" value="https://test.obbi.co.za:9443/services/v1/obbi-id?page=0&size=1000&username=%s"/>

<module-option name="skipAllValidators" value="true"/>

</login-module>

</login-module-stack>

<auth-module code="com.obbi.domain.security.JASPICServerAuthModule" flag="required" login-module-stack-ref="sec-id-module-stack"/>

</authentication-jaspi>

</security-domain>

We also have a standard module configured on com.obbi.domain.security. The module is just a standard module as follows:

<resource-root path="domain-service-security-jboss-2.0-SNAPSHOT.jar"/>

<resource-root path="domain-service-security-client-2.0-SNAPSHOT.jar"/>

<resource-root path="jose4j-0.5.0.jar"/>

</resources>

</dependencies>

</module>

I can't find any wildfly swarm security fragment mappings that match to the subsystem. May I ask if they do exist, and if there is any documentation on them, of if anyone can assist in this forum can assist?

Regards

1. Re: Wildfly Swarm security domain configuration

emag Jul 3, 2017 10:13 PM (in response to cartess)

Though this example doesn't use jaspi it would be help for creating your project-<profile>.yml.
wildfly-swarm-examples/project-defaults.yml at 2017.6.0 · wildfly-swarm/wildfly-swarm-examples · GitHub

The reference for settings correspond the security subsystem is here.
https://reference.wildfly-swarm.io/v/2017.6.1/fractions/security.html

And the example of adding your own module(under src/main/resources) is here.
wildfly-swarm-examples/datasource/datasource-war at 2017.6.0 · wildfly-swarm/wildfly-swarm-examples · GitHub
1 of 1 people found this helpful
Actions
2. Re: Wildfly Swarm security domain configuration

emag Jul 3, 2017 10:20 PM (in response to emag)

And more, you can also <resource-root> element like your original module.xml(perhaps you need to add your jar in your VCS :\)
wildfly-swarm/module.xml at 2017.6.0 · wildfly-swarm/wildfly-swarm · GitHub
1 of 1 people found this helpful
Actions

Go to original post