HTTP/Form with LDAP Authentication gives 'Internal Error'
Hello,
I'm try trying to enable authentication for a webapp using an http form post ( action='j_security_check', input='j_username' and 'j_password' ).
When the form is submitted the server responds with an internal error.
The war deployed for testing purpose contains a very small web.xml
| web.xml ( relevant part ) |
|---|
<login-config> <security-constraint>
<web-resource-collection> <web-resource-name>ExploitationProtectedWebResourceCollection</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection>
<auth-constraint> <role-name>reader</role-name> </auth-constraint> </security-constraint>
<auth-method>FORM</auth-method> <realm-name>stvaDefaultRealm</realm-name> <form-login-config> <form-login-page>/login.html</form-login-page> </form-login-config> </login-config>
<security-role> <role-name>reader</role-name> </security-role> |
Here is the jboss-web.xml
| jboss-web.xml |
|---|
<?xml version="1.0"?> <jboss-web> <security-domain>java:/jaas/stvaDefaultRealm</security-domain> </jboss-web> |
please note, I also tryed to specify the security domain this way 'java:stvaDefaultRealm' and this way 'stvaDefaultRealm'.
I use the standalone-full configuration attached to this post. It has been modified using the following CLI commands :
| CLI Commands |
|---|
batch /subsystem=elytron/dir-context=stvaDomainConnection:add(url="ldap://this_is_a_valid_ldap_host",principal="ou=People,ou=challenge3test,dc=stva,dc=com",credential-reference={clear-text="-----"})
/subsystem=elytron/ldap-realm=StvaLdapRealm:add(dir-context=stvaDomainConnection,identity-mapping={search-base-dn="ou=People,ou=challenge3test,dc=stva,dc=com",rdn-identifier="uid",user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,ou=challenge3test,dc=stva,dc=com",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]}) /subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles) /subsystem=elytron/security-domain=stvaLdapSecurityDomain:add(realms=[{realm=StvaLdapRealm,role-decoder=from-roles-attribute}],default-realm=StvaLdapRealm,permission-mapper=default-permission-mapper) /subsystem=elytron/http-authentication-factory=stva-ldap-http-auth:add(http-server-mechanism-factory=global,security-domain=stvaLdapSecurityDomain,mechanism-configurations=[{mechanism-name=FORM,mechanism-realm-configurations=[{realm-name=stvaDefaultRealm}]}])
/subsystem=undertow/application-security-domain=stvaDefaultRealm:add(http-authentication-factory=stva-ldap-http-auth)
run-batch |
The result is the same regardless of the version of Wildfly used ( 11 or 12 ).
I've seen many tutorials explaining how to setup this, and they all look the same, so I'm guessing there is a very obvious mistake on my side. Can someone help to spot what I am doing wrong ?
I use a proxy to see if the LDAP server is requested at some point and it turns out its is not : no LDAP request is ever made.
thanks
-
standalone-full.xml.zip 6.2 KB
