0 Replies Latest reply on Mar 13, 2008 9:55 AM by MARCELLO RIBEIRO

    GSSAPI - AUTHENTICATION

    MARCELLO RIBEIRO Newbie

      HI,

      I AM USING ACTIVE DIRECTORY TO AUTHENTICATE MY APPLICATION USERS.

      I PUT LOGIN CONFIGURATION ON LOGIN-CONFIG.XML AND I AM USING LdapExtLoginModule AS BELLOW.

      <application-policy name="AD">

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url">ldap://srvspfs.softtek.com.br:389/</module-option>
      <module-option name="java.naming.security.authentication">GSSAPI</module-option>
      <module-option name="bindDN">cn=Wellington de Oliveira Ferro,ou=GASS,ou=SP,dc=softtek,dc=com,dc=br</module-option>
      <module-option name="bindCredential">Turbo43!</module-option>
      <module-option name="baseCtxDN">dc=softtek,dc=com,dc=br</module-option>
      <module-option name="rolesCtxDN">ou=SP,dc=softtek,dc=com,dc=br</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      </login-module>
      </application-policy>

      WHEN I AM USING java.naming.security.authentication AS simple, THERE IS NO PROBLEM. THE APPLICATION AUTHENTICATE OK.

      BUT WHEN I TRY TO CHANGE THIS FOR SOME ENCRYPTED AND SAFE SECURITY LIKE (GSSAPI OR Digest-MD5) IT SIMPLY DOESNT WORK.

      ANYBODY KNOWS HOW TO PUT IT WORKING?
      THE MISSION IS TO GUARANTEE SAFE COMUNICATION BETWEEN JBOSS/JASS AND ACTIVE DIRECTORY.

      THE LAST EXCEPTION IS:
      Caused by: javax.security.auth.login.LoginException: Missing users.properties file.
      BUT I AM NOT USING users.properties... i am going to autheticate in ldap server!!!