1 Reply Latest reply on Jul 25, 2018 5:04 AM by mchoma

    Jboss 7.1 - management authentication LDAP + mgmt-users.properties?

    vrames

      Hello,

      I've successfully set mgmt authentication against LDAP regarding articles

      LDAP and WildFly part 1: securing the management console

      or 9.7.4. Use LDAP to Authenticate to the Management Interfaces - Red Hat Customer Portal,

      but our customer asked us for possibility of both types of management authentication:

      - primary named authentication from LDAP

      - in emergency cases authentication with system account (jbossadm - from mgmt-users.properties).

      I've tested it on JBOSS EAP 7.1.

      I'm not able to find possibility how to manage it (if it can be managed).

      Can you please give me any hint/advice - if this possibility exists?

      Thank you in advance

      Best Regards

      Vladislav

        • 1. Re: Jboss 7.1 - management authentication LDAP + mgmt-users.properties?
          mchoma

            <xs:complexType name="authenticationType">
                <xs:annotation>
                    <xs:documentation>
                        Configuration of the server side authentication mechanisms.

                        Optionally one truststore can be defined and one username/password based store can be defined.
                        Authentication will first attempt to use the truststore and if this is not available will fall back
                        to the username/password authentication.

                        If none of these are specified the only available mechanism will be the local mechanism for the
                        Native interface and the HTTP interface will not be accessible.
                    </xs:documentation>
                </xs:annotation>
                <xs:sequence>
                    <xs:element name="truststore" type="realmKeyStoreType" minOccurs="0">
                        <xs:annotation>
                            <xs:documentation>
                                Configuration of a keystore to use to create a trust manager to verify clients.
                            </xs:documentation>
                        </xs:annotation>
                    </xs:element>
                    <xs:element name="local" type="localType" minOccurs="0">
                        <xs:annotation>
                            <xs:documentation>
                                Configuration to enable the local authentication mechanism, if this element
                                is omitted then local authentication will be disabled.
                            </xs:documentation>
                        </xs:annotation>
                    </xs:element>
                    <xs:element name="kerberos" type="kerberosAuthenticationType" minOccurs="0">
                        <xs:annotation>
                            <xs:documentation>
                                Configuration to enable Kerberos authentication.
                            </xs:documentation>
                        </xs:annotation>
                    </xs:element>
                    <xs:choice minOccurs="0">
                        <xs:element name="jaas" type="jaasAuthenticationType" minOccurs="0" />
                        <xs:element name="ldap" type="ldapAuthenticationType" minOccurs="0" />
                        <xs:element name="properties" type="propertiesAuthenticationType" minOccurs="0" />
                        <xs:element name="users" type="usersAuthenticationType" minOccurs="0" />
                        <xs:element name="plug-in" type="plug-inAuthType" minOccurs="0" />
                    </xs:choice>
                </xs:sequence>
            </xs:complexType>
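
The `xs:choice` in the schema excerpt above admits at most one of `jaas`, `ldap`, `properties`, `users` or `plug-in` inside a realm's `<authentication>` element, so `<ldap>` and `<properties>` cannot sit side by side in one security realm. The following check is an added example, not part of either post and not JBoss code: the function names, realm names and the trimmed sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Username/password stores listed in the xs:choice of authenticationType.
CHOICE_STORES = {"jaas", "ldap", "properties", "users", "plug-in"}

# Constructed, trimmed sample (not from the thread): one realm per case.
SAMPLE = """
<security-realms>
  <security-realm name="LdapOnly">
    <authentication>
      <local default-user="$local"/>
      <ldap connection="ldap-conn" base-dn="ou=people,dc=example,dc=org"/>
    </authentication>
  </security-realm>
  <security-realm name="LdapPlusProperties">
    <authentication>
      <ldap connection="ldap-conn" base-dn="ou=people,dc=example,dc=org"/>
      <properties path="mgmt-users.properties"/>
    </authentication>
  </security-realm>
  <security-realm name="LocalOnly">
    <authentication><local default-user="$local"/></authentication>
  </security-realm>
</security-realms>
"""

def local_name(tag):
    """Drop a '{namespace}' prefix so namespaced server configs also work."""
    return tag.rsplit("}", 1)[-1]

def check_realms(xml_text):
    """Map realm name -> (stores found, finding) for each <authentication>."""
    results = {}
    for realm in ET.fromstring(xml_text).iter():
        if local_name(realm.tag) != "security-realm":
            continue
        for auth in realm:
            if local_name(auth.tag) != "authentication":
                continue
            names = [local_name(c.tag) for c in auth]
            stores = [n for n in names if n in CHOICE_STORES]
            if len(stores) > 1:
                finding = "invalid: xs:choice allows one username/password store"
            elif not stores and "truststore" not in names:
                finding = "no truststore or username/password store defined"
            else:
                finding = "ok"
            results[realm.get("name")] = (stores, finding)
    return results

if __name__ == "__main__":
    for name, (stores, finding) in check_realms(SAMPLE).items():
        print(f"{name}: stores={stores} -> {finding}")
```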