1 Reply Latest reply on Jul 13, 2018 3:06 AM by Martin Choma

    Programmatically authentication (Soteria) fails with AuthenticationStatus = null

    developer74 Newbie

      Hi to all,

       

      I have a problem with the new JavaEE8 authentication (Soteria) and Wildfly 13.

       

      AuthenticationStatus status = this.securityContext.authenticate(

                          (HttpServletRequest) externalContext.getRequest(),

                          (HttpServletResponse) externalContext.getResponse(),

                          AuthenticationParameters.withParams()

                                  .credential(credential)

                                  .newAuthentication(!loginToContinue)

                                  .rememberMe(loginRequest.isRememberMe())

      );

      After this method-call, status is "null".

      The same works correct in Glassfish/Payara.

       

      I started a plain fresh Wildfly 13 with "-Dee8.preview.mode=true". No other changes were made at the Wildfly 13 installation.

       

      Is there some additional configuration needed in Wildlfy to get this authentication to work?

       

      Thanks very much for any advice in advance

      Ulrich

        • 1. Re: Programmatically authentication (Soteria) fails with AuthenticationStatus = null
          Martin Choma Master

          Do you reference jaspitest in your WEB-INF/jboss-web.xml inside the WAR?

           

          <?xml version="1.0" encoding="UTF-8"?>

          <jboss-web>

              <security-domain>jaspitest</security-domain>

          </jboss-web>

           

          jaspitest is prepared security domain in WildFly

           

          <security-domain name="jaspitest" cache-type="default">

              <authentication-jaspi>

                  <login-module-stack name="dummy">

                      <login-module code="Dummy" flag="optional"/>

                  </login-module-stack>

                  <auth-module code="Dummy"/>

              </authentication-jaspi>

          </security-domain>