0 Replies Latest reply on May 1, 2014 8:18 AM by upendra sukka

    LDAP and MD5 authentication not working

    upendra sukka Newbie

      My Ldap Configuration is not allowing me to Login Into My application, Please advice

       

      The below is my configuration with ldap using digest, the lines which are in red color are the ones which i have added for DIGEST authentication

       

      <application-policy xmlns="urn:jboss:security-beans:1.0" name="Upendra">

          <authentication>

        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

          <module-option name="unauthenticatedIdentity">UPENDRA</module-option>

          <module-option name="java.naming.provider.url">ldap://AD-Corp-Primary.xyz.com:389 ldap://AD-Corp-Secondary.xyz.com:389/</module-option>

          <module-option name="java.naming.security.authentication">simple</module-option>

          <module-option name="bindDN">CN=C360LDAP,OU=System Accounts,OU=Users and Groups,DC=corporate,DC=xyz,DC=com</module-option>

          <module-option name="bindCredential">hlnYulDMZaK77Cxq4VvHY</module-option>

          <module-option name="jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=LdapPassword</module-option>

          <module-option name="baseCtxDN">dc=corporate,dc=xyz,dc=com</module-option>

          <module-option name="baseFilter">(sAMAccountName={0})</module-option>

          <module-option name="rolesCtxDN">ou=Resources,ou=Users and Groups,dc=corporate,dc=xyz,dc=com</module-option>

          <module-option name="roleFilter">(member={1})</module-option>

          <module-option name="roleAttributeID">memberOf</module-option>

          <module-option name="roleAttributeIsDN">true</module-option>

          <module-option name="roleRecursion">1</module-option>

          <module-option name="searchScope">SUBTREE_SCOPE</module-option>

          <module-option name="searchTimeLimit">30000</module-option>

          <module-option name="defaultRole">HttpInvoker</module-option>

          <module-option name="allowEmptyPasswords">false</module-option>

         <module-option name="java.naming.referral">follow</module-option>

          <module-option name="hashAlgorithm">MD5</module-option>

                  <module-option name="hashEncoding">rfc2617</module-option>

                  <module-option name="hashUserPassword">true</module-option>

                  <module-option name="hashStorePassword">false</module-option>

                  <module-option name="storeDigestCallback">

                      org.jboss.security.auth.spi.RFC2617Digest

                  </module-option>

        </login-module>

        </authentication>

        </application-policy>

       

      Web.xml :

       

        <login-config>
      <auth-method>DIGEST</auth-method>
      <realm-name>upendra</realm-name>
        </login-config>