9 Replies Latest reply on Jul 13, 2018 4:07 AM by mchoma

    Wildfly 13: Strange behaviour for CustomLoginModule (based on LdapExtLoginModule)

    danielk

      Hi guys

      I tried to migrate from Wildfly 10 (11) to 13. At first it seemed to work, but on a second look authentication is broken now. My configuration includes a custom realm based on the LdapExtLoginModule, because we are using LDAP extensions, which had to be addressed in this login module for specific failure messages.

      Now the weird part: the login works, but after the first request userPrincipal as well as remoteUser returns null.
      Directly after the programmatic login (FacesContext.getCurrentInstance().login("myUsername", "myPassword")), I can call request.getUserPrincipal() as well as request.getRemoteUser() and get the right values.
      But the second request does not have this information anymore. Both values are missing, but the HTTP session is still valid and has the same session ID.

      Is there any known problem with the legacy support for CustomLoginModules?

      Besides that, the current configuration is crazy. Do I really have to define all of the following parts to have LDAP authentication?


      standalone.xml:

      <?xml version="1.0" ?>
      <server xmlns="urn:jboss:domain:7.0">
          ...
              <subsystem xmlns="urn:wildfly:elytron:3.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
                  ...
                  <security-domains>
                      <security-domain name="my-realm" default-realm="my-realm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
                          <realm name="my-realm"/>
                      </security-domain>
                      ...
                  </security-domains>
                  <http>
                      <http-authentication-factory name="my-realm-http" security-domain="my-realm" http-server-mechanism-factory="global">
                          <mechanism-configuration>
                              <mechanism mechanism-name="FORM"/>
                          </mechanism-configuration>
                      </http-authentication-factory>
                      ...
                  </http>
                  <sasl>
                      <sasl-authentication-factory name="my-sasl-authentication" sasl-server-factory="configured" security-domain="my-realm">
                          <mechanism-configuration>
                              <mechanism mechanism-name="PLAIN"/>
                          </mechanism-configuration>
                      </sasl-authentication-factory>
                      ...
                  </sasl>
              </subsystem>

              <subsystem xmlns="urn:jboss:domain:security:2.0">
                  <elytron-integration>
                      <security-realms>
                          <elytron-realm name="my-realm" legacy-jaas-config="my-realm" apply-role-mappers="false"/>
                      </security-realms>
                  </elytron-integration>
                  <security-domains>
                      <security-domain name="my-realm" cache-type="default">
                          <authentication>
                              <login-module code="org.jboss.security.auth.spi.CustomLDAPLogin" flag="required">
                                  ...
                              </login-module>
                          </authentication>
                      </security-domain>
                      ...
                  </security-domains>
              </subsystem>

              <subsystem xmlns="urn:jboss:domain:undertow:6.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="my-realm">
                  ...
                  <application-security-domains>
                      <application-security-domain name="my-realm" http-authentication-factory="my-realm-http"/>
                  </application-security-domains>
              </subsystem>

      jboss-web.xml:

      <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 4.2//EN"
          "http://www.jboss.org/j2ee/schema/jboss-web_13_0.xsd">
      <jboss-web version="13.0">
          <security-domain>my-realm</security-domain>
      </jboss-web>

      web.xml:

      <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>my-realm</realm-name>
          <form-login-config>
              <form-login-page>/login.xhtml</form-login-page>
              <form-error-page>/login.xhtml</form-error-page>
          </form-login-config>
      </login-config>


      Or is there anything misconfigured? Sorry for the quotes, but if I use XML as syntax highlighting the forum software gets hungry and eats most of it before showing the result.

      PS: Why is there an XSD for Wildfly 12 but none for 13?

      With best regards

      Daniel
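The symptom described in the post (principal and remote user present in the request that performed the programmatic login, gone on the next request although the session ID is unchanged) is easiest to pin down with a per-request trace. The servlet filter below is an added example, not code from the original post or from WildFly: it logs the session ID, user principal and remote user before and after each request passes through the filter chain, and flags the exact case from the post, a session that carried an authenticated principal earlier but exposes none now. The package name, class name, log format and the session attribute name are assumptions made here; the servlet API calls are the standard `javax.servlet` ones that WildFly 13 provides.

```java
// Added diagnostic example (not from the original post or from WildFly).
// Package, class and attribute names are assumptions made for this example.
package example.diag;

import java.io.IOException;
import java.security.Principal;
import java.util.logging.Logger;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Traces the identity the container exposes on every request of the web application. */
@WebFilter(urlPatterns = "/*")
public class IdentityTraceFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(IdentityTraceFilter.class.getName());

    /** Session attribute (name chosen for this example) remembering the last principal seen. */
    static final String LAST_PRINCIPAL = "diag.lastPrincipal";

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        LOG.info(() -> "before: " + describe(request));
        chain.doFilter(req, res);
        // Log again after the chain ran, so a login() performed inside this request
        // (e.g. from the JSF login bean) shows up in the "after" line.
        LOG.info(() -> "after:  " + describe(request));
        remember(request);
    }

    /** Builds one log line with the identity the container currently exposes for this request. */
    static String describe(HttpServletRequest request) {
        // Never create a session just to inspect it; a missing session is itself a finding.
        HttpSession session = request.getSession(false);
        Principal principal = request.getUserPrincipal();
        String line = String.format("%s %s sessionId=%s principal=%s remoteUser=%s",
                request.getMethod(), request.getRequestURI(),
                session == null ? "none" : session.getId(),
                principal == null ? "null" : principal.getName(),
                request.getRemoteUser());
        // The case from the post: same session, an identity was present earlier, none now.
        Object previous = session == null ? null : session.getAttribute(LAST_PRINCIPAL);
        if (principal == null && previous != null) {
            line += " IDENTITY-LOST (previously " + previous + ")";
        }
        return line;
    }

    /** Records the authenticated principal, if any, so the next request can be compared against it. */
    static void remember(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        Principal principal = request.getUserPrincipal();
        if (session != null && principal != null) {
            session.setAttribute(LAST_PRINCIPAL, principal.getName());
        }
    }
}
```

Reading the log, the interesting pair is the "after" line of the request that called login() (principal set) followed by the "before" line of the next request: if it prints the same session ID with `IDENTITY-LOST`, the session survived but the authenticated identity was not attached to it, which separates this problem from an expired or replaced session. The filter logs user names, so keep it to the test environment used for the migration.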