On our website's login page we ask for a user name and password and send them to the server over SSL. The server then passes those credentials, unencrypted, to our Active Directory server, connecting to the directory with our service account credentials. I've tried dozens of different configurations (this seems to be a common problem) but can't get the user authenticated.
Here is the security subsystem from my standalone.xml
<!-- Security subsystem (JBoss security:1.2 schema). Two LDAP authentication paths are configured on this
     page: the JAXUser domain below talks to AD directly through LdapExtLoginModule, while the
     ApplicationRealm (shown separately) also configures an ldap lookup. Confirm which one the web
     application's login actually goes through (presumably via the security-domain it references). -->
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<!-- Stock default domain: Remoting reuses an identity already established on a remoting connection,
     RealmDirect delegates to a management realm (ApplicationRealm by default). -->
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<!-- Application domain intended for the web login. -->
<security-domain name="JAXUser" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<!-- NOTE(review): LdapExtLoginModule first binds as bindDN/bindCredential to locate the user under
     baseCtxDN with baseFilter, then re-binds as the located user with the submitted password, so both
     the service account password and every user's password travel to the directory. -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<!-- NOTE(review): a plain ldap:// URL combined with "simple" authentication (next option) sends those
     passwords in cleartext; no TLS is configured anywhere in this login module. Prefer an ldaps:// URL,
     with the directory's CA certificate trusted by the JVM. This is the "unencrypted" hop described in
     the question. -->
<module-option name="java.naming.provider.url" value="ldap://ldap-server.jax.org:389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<!-- NOTE(review): likely cause of the authentication failure. "cn=svc-SampleTracker" is not a complete
     DN; Active Directory simple binds generally require the service account's full DN
     (cn=svc-SampleTracker,OU_PATH_PLACEHOLDER,dc=jax,dc=org) or its userPrincipalName. Check the exact
     value with an ldapsearch bind using the same credentials before changing anything else. -->
<module-option name="bindDN" value="cn=svc-SampleTracker"/>
<!-- Cleartext service-account secret in standalone.xml. Consider the JBoss password vault so the value is
     not stored in plain text, and keep this account limited to read-only search rights. -->
<module-option name="bindCredential" value="myPassword"/>
<module-option name="baseCtxDN" value="dc=jax,dc=org"/>
<!-- {0} is replaced by the user name submitted on the login page; the user object must sit below baseCtxDN. -->
<module-option name="baseFilter" value="(sAMAccountName={0})"/>
<!-- Keep false: AD treats a bind with an empty password as anonymous and reports success, so an empty
     submitted password would otherwise log the user in. -->
<module-option name="allowEmptyPasswords" value="false"/>
<!-- NOTE(review): exposes the underlying validation error instead of a generic failure; handy while
     debugging this problem, presumably worth reconsidering once it works. -->
<module-option name="throwValidateError" value="true"/>
<!-- No role search options (rolesCtxDN, roleFilter) are set, consistent with the comment below. -->
<module-option name="roleRecursion" value="1"/>
<!-- Not using roles at this point -->
</login-module>
</authentication>
</security-domain>
<!-- Presumably the stock delegating authorization policies for web and EJB components. -->
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
</security-domains>
</subsystem>
And here is XML for my ApplicationRealm:
<!-- Management-defined realm. The ssl identity supplies the HTTPS server certificate (the SSL leg the
     question mentions); the authentication section sends user lookups to an outbound LDAP connection. -->
<security-realm name="ApplicationRealm">
<server-identities>
<!-- Keystore and key passwords are stored in cleartext here (placeholder values on this page);
     consider the password vault for these as well. -->
<ssl>
<keystore path="server.keystore"
relative-to="jboss.server.config.dir"
keystore-password="blahblahblah" alias="server"
key-password="blahblahblah" />
</ssl>
</server-identities>
<authentication>
<!-- NOTE(review): a truststore in the authentication section is presumably used to verify client
     certificates; it does not by itself make the outbound LDAP connection use TLS. -->
<truststore path="server.truststore"
relative-to="jboss.server.config.dir"
keystore-password="blahblah" />
<!-- this is the user that made the request to the server -->
<!-- "LdapConnection" must be defined under outbound-connections (not shown on this page); if that
     connection also uses a plain ldap:// URL with a simple bind, the user's password crosses the network
     in cleartext on this path too. base-dn has a space after the comma, unlike baseCtxDN in the JAXUser
     domain; most DN parsers tolerate it, but keep the two consistent. -->
<ldap connection="LdapConnection"
base-dn="dc=jax, dc=org" recursive="true">
<!-- Finds the user by sAMAccountName, matching the baseFilter used in the JAXUser domain. -->
<username-filter attribute="sAMAccountName" />
</ldap>
</authentication>
</security-realm>
Any suggestions would be appreciated and attempted.