We are running on JBoss 4.2.3 (previously 4.2.2).
We added another policy to login-config.xml, named "ShibUserPassAuth".
It appears that JBoss does not honour the creation of JAAS contexts
by the application. So, it would be logical to assume that the
ShibUserPassAuth context is not created at the application level, but
the login part does find it, as JBoss has pre-defined it at the
container level. Here is our config - please try it out; if it works
for you also, we can add it to the wiki.
This should also work with Active Directory, with the usual caveats
about AD such as the global catalog port, referrals, etc.
<application-policy name="ShibUserPassAuth">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <!-- JNDI connection settings for the directory -->
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://xxxxx:10389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- User DN is built as principalDNPrefix + username + principalDNSuffix -->
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=users,o=xxxxxxxxx</module-option>
      <!-- Role lookup: search group entries under rolesCtxDN whose "member" matches the user DN -->
      <module-option name="rolesCtxDN">ou=Roles,o=trc</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <!-- Service account used for the role search -->
      <module-option name="java.naming.security.principal">uid=bind,ou=system</module-option>
      <module-option name="java.naming.security.credentials">xxxxxxxxxxxxxxx</module-option>
    </login-module>
  </authentication>
</application-policy>
2008/10/30 Thomas Kessler <djk...@gmail.com>:
--
Ahmed Choudhry
General Manager,
شركة الخليج للنظم البينة
Gulf Open Systems Co. (Oman)
P.O. Box 395
P.C. 111 CPO Seeb, Sultanate of Oman
Phone: +968 24475299
Mobile: +968 95335428
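The policy above is the kind of file that tends to be copied between installations unchanged, so a reviewer wants a quick check that the LdapLoginModule options are complete, that the bind traffic is protected, and that no DN value carries stray whitespace. The following is an added example written for this page, not code from the original post or from JBoss; the sample policy it lints is constructed, with placeholder host, suffix and password.

```python
"""Lint a JBoss login-config.xml application-policy that uses LdapLoginModule."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample mirroring the ShibUserPassAuth policy discussed above;
# host, suffix and bind password are placeholders, not real values.
SAMPLE_POLICY = """
<application-policy name="ShibUserPassAuth">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://ldap.example.invalid:10389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=users,o=example</module-option>
      <module-option name="rolesCtxDN"> ou=Roles,o=example </module-option>
      <module-option name="roleAttributeIsDN">false </module-option>
      <module-option name="java.naming.security.credentials">CHANGEME</module-option>
    </login-module>
  </authentication>
</application-policy>
"""

# Options the module needs to build the user DN and to find roles.
REQUIRED = ("java.naming.provider.url", "principalDNPrefix", "principalDNSuffix", "rolesCtxDN")


def parse_options(policy_xml):
    """Return {option name: raw text} for the LdapLoginModule in the policy."""
    opts = {}
    for lm in ET.fromstring(policy_xml).iter("login-module"):
        if lm.get("code", "").endswith("LdapLoginModule"):
            for mo in lm.iter("module-option"):
                opts[mo.get("name")] = mo.text or ""
    return opts


def lint_policy(policy_xml):
    """Return the review findings for one application-policy."""
    opts = parse_options(policy_xml)
    findings = [f"missing option {n}" for n in REQUIRED if n not in opts]
    url = opts.get("java.naming.provider.url", "").strip()
    # Simple bind sends the password in the clear unless ldaps:// or the JNDI ssl protocol is used.
    if url and urlparse(url).scheme != "ldaps" and opts.get("java.naming.security.protocol", "").strip() != "ssl":
        findings.append("provider URL uses plain ldap:// with simple bind; credentials cross the wire unprotected")
    if opts.get("java.naming.security.credentials", "").strip():
        findings.append("bind password is stored in cleartext in login-config.xml; restrict file permissions")
    # Leading/trailing whitespace inside a DN or boolean value is an easy-to-miss misconfiguration.
    findings += [f"option {n} has surrounding whitespace: {v!r}" for n, v in opts.items() if v != v.strip()]
    return findings
```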