WildFly 10 and LDAPS integration
george.liolios Sep 9, 2016 4:52 AM
I have created a new security domain in the standalone.xml file:
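<security-domain name="LDAPAuth">
  <!-- Authenticates users and loads their roles from an LDAP directory over ldaps. -->
  <authentication>
    <login-module code="LdapExtended" flag="required">
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <!-- ldaps only protects the bind if the JVM truststore trusts the certificate presented by this server. -->
      <module-option name="java.naming.provider.url" value="ldaps://10.0.0.11:636"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <!-- Service account used for the user and role searches; it should have read-only access to the directory. -->
      <module-option name="bindDN" value="CN=admin user,OU=It,OU=Employees,OU=SOL sa,DC=sol,DC=solsa,DC=gr"/>
      <!-- Clear-text password: keep the real value out of standalone.xml (for example in the WildFly vault)
           and restrict read access to this file. -->
      <module-option name="bindCredential" value="somepasswd"/>
      <module-option name="baseCtxDN" value="OU=SOL sa,DC=sol,DC=solsa,DC=gr"/>
      <!-- {0} is replaced with the user name typed at login.
           NOTE(review): the DN layout looks like Active Directory, where the login name is usually held in
           sAMAccountName rather than uid; confirm which attribute the directory actually populates. -->
      <module-option name="baseFilter" value="(uid={0})"/>
      <module-option name="rolesCtxDN" value="OU=SOL sa,DC=sol,DC=solsa,DC=gr"/>
      <!-- {1} is replaced with the DN of the authenticated user; the cn of each matching entry becomes a role. -->
      <module-option name="roleFilter" value="(member={1})"/>
      <module-option name="roleAttributeID" value="cn"/>
      <!-- NOTE(review): ONELEVEL_SCOPE only searches the direct children of the context DN. The bind account
           above sits two levels below baseCtxDN, so if ordinary users are stored in nested OUs as well the
           search will not find them; SUBTREE_SCOPE would. Confirm against the directory layout. -->
      <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
      <!-- Must stay false: many directory servers treat a simple bind with an empty password as an
           unauthenticated bind and report success, which would let a login through without a password. -->
      <module-option name="allowEmptyPasswords" value="false"/>
    </login-module>
  </authentication>
</security-domain>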
In web.xml I have added:
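<!-- Requires an authenticated user in the listed role for every URL of the application. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAuth</web-resource-name>
    <description>application security constraints</description>
    <url-pattern>/*</url-pattern>
    <!-- No http-method elements on purpose: listing only GET and POST would leave every other method
         (PUT, DELETE, HEAD, ...) outside the constraint and reachable without authentication. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- NOTE(review): this role is not declared in a security-role element, and the only declared role
         ("Domain users") is not referenced here. The name must match a role produced by the login module;
         confirm which of the two is intended and use it in both places. -->
    <role-name>LDAPgroup</role-name>
  </auth-constraint>
  <!-- NOTE(review): there is no user-data-constraint, so the FORM login may be submitted over plain HTTP.
       Consider requiring a CONFIDENTIAL transport guarantee once an HTTPS listener is available. -->
</security-constraint>
<!-- FORM authentication: unauthenticated requests are sent to the login page, failed logins to the error page. -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>LDAPAuth</realm-name>
  <form-login-config>
    <form-login-page>/members/logon/login.jsp</form-login-page>
    <form-error-page>/members/logon/loginError.jsp</form-error-page>
  </form-login-config>
</login-config>
<!-- Roles known to this application. -->
<security-role>
  <role-name>Domain users</role-name>
</security-role>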
I created jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- Binds this web application to the "LDAPAuth" security domain; the name after java:/jaas/ must match
     the security-domain name in the server configuration exactly. -->
<jboss-web>
    <security-domain>java:/jaas/LDAPAuth</security-domain>
</jboss-web>
The user login fails and is redirected to loginError.jsp, and the log shows: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required
Any idea?