1 Reply Latest reply on Feb 1, 2005 8:42 AM by tcherel

Which way to authenticate?? 2003 Domain

zer0n3 Feb 1, 2005 8:28 AM

After sifting thru one post after another I think I see 3 basic forms of authentication for JBoss:

jCFIS from the samba group
LDAP
tagish

Here is my situation:
I am an ERP Technical Admin for a number of purchased applications that are given to us with an old version of JBoss (not sure exactly which version of JBoss;3.x.x'ish bundled with Tomcat 4.1).

My goal:
To implement some sort of NT Authentication
Problems:
I am not the application developer (no acess to code is what I mean) so any/all changes to impliment this have to be done only to the JBoss install.

What are my options? Which of the 3 is best for my situation? Is this even possible?

I need to know all the configuration files to modify and the exact syntax since I am pretty new to administering JBoss/Tomcat.

Thanks guys,
-Z

1. Re: Which way to authenticate?? 2003 Domain

tcherel Feb 1, 2005 8:42 AM (in response to zer0n3)

If the 2003 domain is using Active Directory (which, I think, is always the case), then LDAP is probably your best bet since Active Directory is LDAP compatible and the corresponding JAAS login module is delivered in standard with JBoss.

As long as the application is using J2EE standard authentication (JAAS), thent he application code should not have to be changed.

The thing that you need to figure out is where the user/role associations are coming from. 2003 domain do not have the notion of a role (just groups). You have to figure out if extra LDAP attributes must be created in your LDAP (Active Directory) to add the role or if you want to use the groups as roles, or something else.

One you figured that out, depending of the answer, the default LDAP JAAS login module might just work for you or you might have to add your own code.

For the configuration, there are enough post in this forum to help you with the settings. The JBoss PDF manual are also a very good starting points.

Thomas
Actions