0 Replies Latest reply on Jun 28, 2017 12:26 PM by Baruch Volkov

    Container Authentication with JBoss 6.4

    Baruch Volkov Newbie

      Hi

      I have an application that implemented Container Authentication with LDAP and works fine in Tomcat, but I can't make it work in JBoss.

      Tomcat setup:

      server.xml

      .

      <Realm className="org.apache.catalina.realm.JNDIRealm"
             debug="99"
             connectionName="xxxxxxx"
             connectionPassword="yyyyyy"
             connectionURL="ldap://zzzzz.com:389"
             alternateURL="ldap://zzzzz.com:389"
             userBase="DC=zzz,DC=com"
             userSubtree="true"
             referrals="follow"
             userSearch="(sAMAccountName={0})"
             roleBase="dc=zzz,dc=com"
             roleName="sAMAccountName"
             roleSearch="(member={0})"
             roleSubtree="true"/>

      application web.xml

      .

      <security-constraint>
        <display-name>Security</display-name>
        <web-resource-collection>
          <web-resource-name>Entry Point</web-resource-name>
          <url-pattern>/acegi/authentication_target_dummy.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>Product Support</role-name>
          <role-name>Generic Support</role-name>
        </auth-constraint>
      </security-constraint>

      .

      .

      <security-role>
        <role-name>Product Support</role-name>
        <role-name>Generic Support</role-name>
      </security-role>

      .

      JBoss setup

      standalone.xml:

      .

      <security-domain name="ad_security_domain">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                  <module-option name="password-stacking" value="useFirstPass"/>
                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                  <module-option name="java.naming.provider.url" value="ldap://zzzzzzz:389"/>
                  <module-option name="java.naming.security.authentication" value="simple"/>
                  <module-option name="bindDN" value="xxxxxxxxx"/>
                  <module-option name="bindCredential" value="yyyyyyyyyyy"/>
                  <module-option name="baseCtxDN" value="dc=zzz,dc=com"/>
                  <module-option name="baseFilter" value="(sAMAccountName={0})"/>
                  <module-option name="rolesCtxDN" value="dc=zzz,dc=com"/>
                  <module-option name="roleFilter" value="(member={0})"/>
                  <module-option name="roleAttributeID" value="cn"/>
                  <module-option name="throwValidateError" value="true"/>
                  <module-option name="java.naming.referral" value="follow"/>
                  <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                  <module-option name="unauthenticatedIdentity" value="unauthenticated"/>
                  <module-option name="allowEmptyPasswords" value="false"/>
              </login-module>
          </authentication>
      </security-domain>

      .

      jboss-web.xml:

      <?xml version="1.0"?>
      <jboss-web>
          <security-domain>ad_security_domain</security-domain>
      </jboss-web>

      The application web.xml is the same.

      In the JBoss log I am getting:

      .

      JBWEB001038: Security role name Product Support used in an <auth-constraint> without being defined in a <security-role>

      .

      What is missing?

      Any help is appreciated.

      Thanks

      Bar
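
A check for the mismatch that JBWEB001038 reports, as an added example that is not part of the original post: the web.xml schema allows exactly one <role-name> per <security-role>, while the posted descriptor puts two in one element. The function names and the "last <role-name> in an element wins" model are assumptions (the model is chosen because it reproduces the message in the post), and the sample document is constructed from the post's fragments.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web.xml fragments from the post under one root element.
WEB_XML = """<web-app>
  <security-constraint>
    <display-name>Security</display-name>
    <web-resource-collection>
      <web-resource-name>Entry Point</web-resource-name>
      <url-pattern>/acegi/authentication_target_dummy.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Product Support</role-name>
      <role-name>Generic Support</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>Product Support</role-name>
    <role-name>Generic Support</role-name>
  </security-role>
</web-app>"""


def role_lists(root, parent):
    """One list of <role-name> texts per <parent> element (namespace ignored)."""
    local = lambda e: e.tag.rsplit("}", 1)[-1]
    return [[(c.text or "").strip() for c in p if local(c) == "role-name"]
            for p in root.iter() if local(p) == parent]


def lint_roles(xml_text):
    """Return (overloaded, undeclared) for a web.xml document.

    overloaded: role lists of <security-role> elements that hold more than one
                <role-name>, which the schema does not allow.
    undeclared: roles used in an <auth-constraint> but not declared.
    """
    root = ET.fromstring(xml_text)
    declared_lists = role_lists(root, "security-role")
    overloaded = [names for names in declared_lists if len(names) > 1]
    # Assumption: a parser that keeps one role per element keeps the last one.
    declared = {names[-1] for names in declared_lists if names}
    used = {r for names in role_lists(root, "auth-constraint") for r in names}
    undeclared = sorted(r for r in used if r not in declared and r != "*")
    return overloaded, undeclared


if __name__ == "__main__":
    overloaded, undeclared = lint_roles(WEB_XML)
    print("security-role elements with several role-names:", overloaded)
    print("roles used in auth-constraint but not declared:", undeclared)
```

Declaring each role in its own <security-role> element makes both lists come back empty.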