1 Reply Latest reply on Jun 26, 2019 4:50 AM by Samuel Ebenezer A

    JBoss EAP 7.1 + IIS - How to do Windows Domain Login

    Samuel Ebenezer A Newbie

      We have a web application that runs on JBoss EAP 5.1 and is using IIS through ISAPI redirect. In IIS, the virtual application is configured to use Windows authentication using HTTP 401 challenge (provider = NTLM). And, in JBoss, Tomcat authentication under AJP is set to false. The user is authenticated by Windows (present on domain) and the user is checked if registered in application's DB or not. To do so, we read the user-name from facesFacade.getExternalContext().getUserPrincipal().getName().


      Now, I try to migrate this to JBoss EAP 7.1. I have configured IIS and the request reaches JBoss. I get a prompt from Windows to enter username and password. When I do so, the logged in username does not seem to reach JBoss. Method like getUserPrincipal() always return null. I understand that I have to do some more configuration like security-domain / realm and specify Login Module so that JBoss properly populates facesFacade.getExternalContext().getUserPrincipal().getName() with value.


      Can some one guide me on how to do this? I tried the below, without any luck.


      (1) Added security-realm as other under login-config of web.xml

      (2) Added System property "org.apache.coyote.ajp.DEFAULT_TOMCAT_AUTHENTICATION" with value as "false" in standalone-full.xml


      All I need to achieve is to get the logged in user-name that is authenticated by Windows.