I am currently tasked with developing a generalized authentication module for Wildfly and I'm in a bind with not knowing how to go about it. I'm trying to build servlets that would receive the user's credentials in the request parameters or get a user's x509 cert and then authenticate them and create their session with their associated roles. After researching it seems that I need to use JASPIC bridged with JAAS, but I have a couple of questions from here:
I've tried registering my custom ServerAuthModule in the standalone within the "<authentication-jaspi><auth-module>...." tags but I'm getting an error with undertow saying "Error getting ServerAuthContext for authContextId...". Obviously, I'm doing something wrong, so how would I go about correcting this? Do I need to implement all of the classes as shown on this blog: Arjan Tijms' Weblog: Implementing container authentication in Java EE with JASPIC
How would I got about designing the ServerAuthModule so that I can add multiple implementations of the LoginModule calls so I can add custom callback handlers to the LoginModule in JAAS? I currently require a username/password login and an x509 cert login, but the requirements in the future may include things like LDAP logins so I need it to allow for extensibility.
Hopefully someone can help me or point me in the direction of a good example to follow.