2 Replies Latest reply on Jul 3, 2017 10:20 PM by Yoshimasa Tanabe

    Wildfly Swarm security domain configuration

    Obakeng Balatseng Newbie

      Hi guys,

       

      We are trying to migrate a project from Wildfly 10 to Wildfly Swarm 2017.6, and we have a reached a stumbling block porting the security-domain. Our security domain is configured as follows:

       

      <security-domain name="sec-id">

         <authentication-jaspi>

         <login-module-stack name="sec-id-module-stack">

         <login-module code="com.obbi.domain.security.loginmodule.jwt.JWTLoginModule" flag="sufficient" module="com.obbi.domain.security">

         <module-option name="expectedIssuer" value="CN=DI SIT signer"/>

         <module-option name="expectedAudience" value="Obbi"/>

         <module-option name="allowedClockSkewInSeconds" value="30"/>

         <module-option name="validateTokenSignature" value="false"/>

         <module-option name="maxFutureValidityInMinutes" value="525600"/>

         <module-option name="keyStoreFilePath" value="C:/wildfly-10.1.0.Final/standalone/configuration/keystore.jks"/>

         <module-option name="keyStorePassword" value="obbi123"/>

         <module-option name="validateCertificate" value="false"/>

         <module-option name="loadSystemPrincipals" value="true"/>

         <module-option name="loadSystemPrincipalsEndpoint" value="https://test.obbi.co.za:9443/services/v1/obbi-id?page=0&amp;size=1000&amp;username=%s"/>

         <module-option name="skipAllValidators" value="true"/>

         </login-module>

         </login-module-stack>

         <auth-module code="com.obbi.domain.security.JASPICServerAuthModule" flag="required" login-module-stack-ref="sec-id-module-stack"/>

         </authentication-jaspi>

      </security-domain>

       

      We also have a standard module configured on com.obbi.domain.security. The module is just a standard module as follows:

       

      <module xmlns="urn:jboss:module:1.3" name="com.obbi.domain.security">

        <resources>

          <resource-root path="domain-service-security-jboss-2.0-SNAPSHOT.jar"/>

          <resource-root path="domain-service-security-client-2.0-SNAPSHOT.jar"/>

          <resource-root path="jose4j-0.5.0.jar"/>

        </resources>

        <dependencies>

          <module name="org.jboss.as.web"/>

          <module name="org.jboss.logging"/>

          <module name="org.picketbox"/>

          <module name="javax.api"/>

          <module name="javax.security.auth.message.api"/>

          <module name="javax.servlet.api"/>

        </dependencies>

      </module>

       

      I can't find any wildfly swarm security fragment mappings that match to the subsystem. May I ask if they do exist, and if there is any documentation on them, of if anyone can assist in this forum can assist?

       

      Regards