0 Replies Latest reply on Apr 4, 2016 7:05 AM by np97190

    Combining two authentication modules.

    np97190

      Hi All,


      this is my current ldap authentication configuration.


      <security-domain name="jbpm_ldap_domain">
          <authentication>
              <login-module code="LdapExtended" flag="optional">
                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                  <module-option name="java.naming.provider.url" value="ldap://serveriporname:389"/>
                  <module-option name="java.naming.security.authentication" value="simple" />
                  <module-option name="bindDN" value="CN=Administrator,CN=Users,DC=domain,DC=com"/>
                  <module-option name="bindCredential" value="password"/>
                  <module-option name="baseCtxDN" value="DC=domain,DC=com"/>
                  <module-option name="baseFilter" value="(sAMAccountName={0})"/>
                  <module-option name="rolesCtxDN" value="CN=Users,dc=domain,dc=com"/>
                  <module-option name="roleFilter" value="(member={1})"/>
                  <module-option name="roleAttributeID" value="memberOf"/>
                  <module-option name="roleAttributeIsDN" value="true"/>
                  <module-option name="roleNameAttributeID" value="cn"/>
                  <module-option name="allowEmptyPasswords" value="false"/>
                  <module-option name="throwValidateError" value="true"/>
              </login-module>
              <login-module code="RoleMapping" flag="optional">
                  <module-option name="rolesProperties" value="file:${jboss.home.dir}/standalone/configuration/jbpm-roles.properties"/>
                  <module-option name="replaceRole" value="true"/>
              </login-module>
          </authentication>
      </security-domain>

      I have a database with username and userrole columns.

      I want to implement something as follows:

          User logs in with AD username and password.

          User role corresponding to the user name is read from the DB, unlike the above configuration file ("file:${jboss.home.dir}/standalone/configuration/jbpm-roles.properties").

      I am wondering if there is any way that we can implement a DB query in place of ("file:${jboss.home.dir}/standalone/configuration/jbpm-roles.properties") at

          <login-module code="RoleMapping" flag="optional">
              <module-option name="rolesProperties" value="file:${jboss.home.dir}/standalone/configuration/jbpm-roles.properties"/>
              <module-option name="replaceRole" value="true"/>
          </login-module>
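
One way to lay out the flow described in the post, as an added example that is not part of the original post: the PicketBox `Database` login module is stacked after `LdapExtended` with `password-stacking` set to `useFirstPass`, so AD verifies the password and the database only supplies roles. The datasource JNDI name and the table name `user_roles` are assumptions; `username` and `userrole` are the columns named in the post, and the LDAP option values are copied from it unchanged.

```xml
<security-domain name="jbpm_ldap_domain">
    <authentication>
        <!-- Step 1: AD validates the password. flag="required" means a failed
             LDAP bind fails the whole login. -->
        <login-module code="LdapExtended" flag="required">
            <!-- Publish the verified username/password to later modules. -->
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://serveriporname:389"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="bindDN" value="CN=Administrator,CN=Users,DC=domain,DC=com"/>
            <module-option name="bindCredential" value="password"/>
            <module-option name="baseCtxDN" value="DC=domain,DC=com"/>
            <module-option name="baseFilter" value="(sAMAccountName={0})"/>
            <module-option name="rolesCtxDN" value="CN=Users,dc=domain,dc=com"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="memberOf"/>
            <module-option name="roleAttributeIsDN" value="true"/>
            <module-option name="roleNameAttributeID" value="cn"/>
            <module-option name="allowEmptyPasswords" value="false"/>
            <module-option name="throwValidateError" value="true"/>
        </login-module>
        <!-- Step 2: with useFirstPass this module trusts the identity established
             in step 1, skips its own password check and only runs rolesQuery. -->
        <login-module code="Database" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <!-- Assumption: datasource JNDI name; point it at the role database. -->
            <module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>
            <!-- Assumption: table user_roles. The second column is the role group
                 name; the username is bound as a parameter, not concatenated. -->
            <module-option name="rolesQuery" value="SELECT userrole, 'Roles' FROM user_roles WHERE username = ?"/>
        </login-module>
    </authentication>
</security-domain>
```

Roles returned by both modules end up in the same `Roles` group, so the AD group lookup configured on `LdapExtended` still contributes roles alongside the database ones.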