Wildfly 11 - Configure Management to use Active Directory
jayboyle_5446 Dec 5, 2018 12:48 PM

Hi, I am struggling to get the Management Console configured to use Active Directory for authentication in Wildfly 11.

I am using the new Elytron security model, and have an LDAP Realm configured, and users are able to authenticate and log into the deployed applications. Instead of using the default properties file I would like to use this same LDAP Realm to allow users to authenticate through the Management Console. I've tried several combinations of things based on (dated) articles I could find on Google. It would be much appreciated if someone can point me in the right direction.

This is the security configuration of the LDAP Realm that allows AD users to authenticate against applications deployed on this server.
<elytron>
  ...
  <security-domains>
    ...
    <security-domain name="AllUsersLDAPSecurityDomain" default-realm="CachedAllUsersLDAPSecurityRealm" permission-mapper="default-permission-mapper">
      <realm name="CachedAllUsersLDAPSecurityRealm"/>
    </security-domain>
  </security-domains>
  <security-realms>
    <!-- realm name made consistent with the caching-realm reference below (was "CBSAUsersLDAPSecurityRealm") -->
    <ldap-realm name="AllUsersLDAPSecurityRealm" dir-context="ldap-connection" direct-verification="true">
      <!-- "dc==NET" corrected to "dc=NET" -->
      <identity-mapping rdn-identifier="CN" use-recursive-search="true" search-base-dn="ou=root,dc=Alpha,dc=ABC-DEF,dc=NET" iterator-filter="(uid=*)">
        <attribute-mapping>
          <!-- the LDAP "&" must be escaped as "&amp;" inside an XML attribute -->
          <attribute from="CN" to="Roles" filter="(&amp;(objectClass=groupOfNames)(member={0}))" filter-base-dn="ou=root,dc=Alpha,dc=ABC-DEF,dc=NET"/>
        </attribute-mapping>
      </identity-mapping>
    </ldap-realm>
    <caching-realm name="CachedAllUsersLDAPSecurityRealm" realm="AllUsersLDAPSecurityRealm"/>
  </security-realms>
  <http>
    <http-authentication-factory name="ldap-all-users-http-authentication" http-server-mechanism-factory="global" security-domain="AllUsersLDAPSecurityDomain">
      <mechanism-configuration>
        <mechanism mechanism-name="FORM">
          <mechanism-realm realm-name="CachedAllUsersLDAPSecurityRealm"/>
        </mechanism>
      </mechanism-configuration>
    </http-authentication-factory>
  </http>
  <dir-contexts>
    <dir-context name="ldap-connection" url="ldap://ldap1.ABC-DEF.NET:389" principal="cn=Userg,ou=Service_Accounts,dc=ALPHA,DC=ABC-DEF,DC=NET">
      <credential-reference clear-text="secret"/>
    </dir-context>
  </dir-contexts>
</elytron>
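An added example, not part of the original post, of wiring the poster's AllUsersLDAPSecurityDomain to the management HTTP interface; the factory name ldap-management-http-authentication and the role decoder name are assumptions. BASIC is used rather than DIGEST because a direct-verification LDAP realm can only check a password against the directory and cannot give the server the password hash that DIGEST needs.

```xml
<!-- Added example (not from the original post). Elytron subsystem: same domain as
     the post, plus a role decoder so the "Roles" attribute filled by the ldap-realm
     becomes Elytron roles the management RBAC layer can see. -->
<elytron>
  <security-domains>
    <security-domain name="AllUsersLDAPSecurityDomain"
                     default-realm="CachedAllUsersLDAPSecurityRealm"
                     permission-mapper="default-permission-mapper">
      <realm name="CachedAllUsersLDAPSecurityRealm" role-decoder="from-roles-attribute"/>
    </security-domain>
  </security-domains>
  <mappers>
    <!-- assumed name; maps the "Roles" attribute produced by the attribute-mapping -->
    <simple-role-decoder name="from-roles-attribute" attribute="Roles"/>
  </mappers>
  <http>
    <!-- assumed name. BASIC, not DIGEST: direct-verification="true" means the realm
         never exposes a password hash, which DIGEST requires. BASIC carries the
         password in the request, so expose the interface over HTTPS only. -->
    <http-authentication-factory name="ldap-management-http-authentication"
                                 http-server-mechanism-factory="global"
                                 security-domain="AllUsersLDAPSecurityDomain">
      <mechanism-configuration>
        <mechanism mechanism-name="BASIC">
          <mechanism-realm realm-name="CachedAllUsersLDAPSecurityRealm"/>
        </mechanism>
      </mechanism-configuration>
    </http-authentication-factory>
  </http>
</elytron>

<!-- core-service=management: the legacy security-realm="ManagementRealm" attribute is
     replaced by the Elytron factory. CLI over http-upgrade additionally needs a
     sasl-authentication-factory on <http-upgrade>, which is not shown here. -->
<management-interfaces>
  <http-interface http-authentication-factory="ldap-management-http-authentication">
    <socket-binding http="management-http"/>
  </http-interface>
</management-interfaces>
```

The same wiring from jboss-cli is `/core-service=management/management-interface=http-interface:write-attribute(name=http-authentication-factory,value=ldap-management-http-authentication)` followed by `:undefine-attribute(name=security-realm)` on the same resource, then a reload. With the default (simple) RBAC provider every user who authenticates gets SuperUser, so restrict the iterator-filter or the group filter to an administrators group before enabling this.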