Elytron SASL client authentication
178 views
Skip to first unread message
praneeth kumar
Nov 7, 2022, 12:10:09 PM11/7/22
to WildFly
Hi All,
<authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<sasl-mechanism-selector selector="JBOSS-LOCAL-USER" />
<!-- <set-mechanism-properties>
<property key="wildfly.sasl.local-user.quiet-auth" value="true" />
</set-mechanism-properties> -->
<set-user-name name="user"/>
<credentials>
<clear-password password="passwordUser2"/>
</credentials>
<set-mechanism-realm name="myRealm" />
</configuration>
</authentication-configurations>
</authentication-client>
<jboss-ejb-client xmlns="urn:jboss:wildfly-client-ejb:3.0">
<connections>
<connection uri="remote+http://localhost:8080" />
</connections>
</jboss-ejb-client>
Im trying to implement a remote client authentication on the JAAS module which is running on Wildfly server . Below are the details of use case -
1) Wildfly server
- Created JAAS module and configured it with domain and JAAS realm .
- Also attached the same JAAS module with Wildfly management
i have written an elytron Java client to invoke the wildly JAAS, including all the Authentication Configurations, Matching Rules and the Authentication context.
The call is not invoking to JAAS. sharing the wildfly-config.xml and standalone.xml configurations below.
Note : Http JAAs Authentication(deployed rest client on the same server) is working and
tested the Management console with HTTP authentication factory is working fine. but not working with JAVA Elytron client, as it is using "removing+http" protocol following the Sail authentication factory.
wildly-config.xml
=============
<configuration><authentication-client xmlns="urn:elytron:1.0">
<authentication-rules>
<rule use-configuration="default"/>
</authentication-rules>
<authentication-configurations>
<configuration name="default">
<sasl-mechanism-selector selector="JBOSS-LOCAL-USER" />
<!-- <set-mechanism-properties>
<property key="wildfly.sasl.local-user.quiet-auth" value="true" />
</set-mechanism-properties> -->
<set-user-name name="user"/>
<credentials>
<clear-password password="passwordUser2"/>
</credentials>
<set-mechanism-realm name="myRealm" />
</configuration>
</authentication-configurations>
</authentication-client>
<jboss-ejb-client xmlns="urn:jboss:wildfly-client-ejb:3.0">
<connections>
<connection uri="remote+http://localhost:8080" />
</connections>
</jboss-ejb-client>
</configuration>
standalone.xml
===========
attaching for reference
Diana Krepinska
Nov 9, 2022, 9:08:57 AM11/9/22
to WildFly
Hello, I am not sure if this is the cause of your issue, but if your login module from the jaas-realm uses EJB lookup, you have to change the address to use “global” for the EJB to be discovered.
Diana Krepinska
Nov 9, 2022, 9:22:29 AM11/9/22
to WildFly
Also, try to change the JBOSS-LOCAL-USER in wilfdly-config.xml to "DIGEST-MD5" mechanism.
Reply all
Reply to author
Forward
0 new messages