[jboss-user] [Security JAAS/JBoss] - Re: Identity/Access Management/SSO UseCases
I would like to see more flexibility for JBossSX to interact with the client to obtain various types of credentials. When doing SSO, it's almost impossible to avoid doing HTTP redirects, setting and deleting cookies, and other HTTP operations. It is therefore very beneficial to add an HTTP Callback to enable a JAAS Login Module to do all of this. At the moment, there's only a username/password callback, so developers have to work around it using valves to interact with the user. SAP WebAS' JAAS API is an example that has this HTTP Callback. Developing a custom SSO authentication module for SAP WebAS is a breeze because of this.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4137257#4137257
Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4137257
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Security JAAS/JBoss] - Re: How to set custom authenticator for JBoss 5.x
Actually I mean the Tomcat Authenticator and not the JAAS Login Modules. The JAAS Login Module settings are alright, but the authenticator settings are not picked up by JBoss.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4132352#4132352
[jboss-user] [Security JAAS/JBoss] - Re: Tomcat 5.5 login module compatibility?
You can enable debug. Refer to question 4: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ

The last time I messed with a custom principal, I ended up having to extend SimplePrincipal to be compliant. Worst case, you can always decompile your current module to verify your suspicions.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4131314#4131314
[jboss-user] [Security JAAS/JBoss] - Re: Using database for authorization ONLY?
If I remember well, when the LdapExtLoginModule flag = optional the login will not fail as long as your next login module works to return the roles. Of course your next module's flag needs to be 'required'.

If you really have to modify the LDAP login module, just modify the LdapExtLoginModule's getRoleSets() method to return a dummy blank set.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4131317#4131317
[jboss-user] [Security JAAS/JBoss] - Re: How does the Authorization delegate access the sharedSta
Said too soon, the EJB Authorization Delegate could not retrieve the Request object since the Resource instance is that of EJBResource.

Any way for the EJB Authorization Delegate to retrieve the Request object? Or any way to pass something to the EJB Authorization Delegate from Authentication?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4130033#4130033
[jboss-user] [Security JAAS/JBoss] - Re: How does the Authorization delegate access the sharedSta
Worked around the problem by using a custom Principal in the Login Module.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4130284#4130284
[jboss-user] [Security JAAS/JBoss] - Re: How does the Authorization delegate access the sharedSta
Found a way by using the Authenticator to set an attribute on the HttpSession in the Request object and getting the attribute back in the Authorization Delegate class via WebResource's getServletRequest().

Still couldn't find a way for the Authentication Module to do this.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4130009#4130009
[jboss-user] [Security JAAS/JBoss] - Re: Using database for authorization ONLY?
Try to set this under the database login module to bypass authentication:

    <module-option name="password-stacking">useFirstPass</module-option>

If this doesn't work, then you have to modify the DB login module to only look up roles and skip authentication.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4130011#4130011
[jboss-user] [Security JAAS/JBoss] - Re: JBoss Portal and SiteMinder integration
If you can front JBoss AS with a SiteMinder-supported web server, you can consider using this: http://wiki.jboss.org/wiki/Wiki.jsp?page=GenericHeaderBasedAuthentication

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4130017#4130017
[jboss-user] [Security JAAS/JBoss] - How does the Authorization delegate access the sharedState?
With JBoss 5.x, the authorization module is now available. However, how does the authorization delegate access the sharedState which is located at the Authorization module?

For example, how can the authorization delegate get back the variables set by the authentication module, like below:

    sharedState.put("javax.security.auth.login.name", username);
    sharedState.put("javax.security.auth.login.password", password);

(sharedState is a java.util.Map object in the login module and az module)

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4129608#4129608
[jboss-user] [Security JAAS/JBoss] - Re: How to Use Windows SSO
If you are using NTLM then you can probably try this: http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4129542#4129542
[jboss-user] [Security JAAS/JBoss] - How to set custom authenticator for JBoss 5.x
How do we set a custom authenticator for JBoss 5.x?

I tried editing

    \jboss-5.0.0.Beta3\server\default\deployers\jbossweb.deployer\META-INF\war-deployers-beans.xml

but it doesn't seem to pick up the new settings.

With JBoss 4.0.5 it was

    \jboss-4.0.5.GA\server\default\deploy\jbossweb-tomcat55.sar\META-INF\jboss-service.xml

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4128999#4128999
[jboss-user] [Security JAAS/JBoss] - Re: LdapExtLoginModule.java bug? Blank password login succes
Cool! I tried the allowEmptyPasswords option. Works like a charm.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4126136#4126136
[jboss-user] [Security JAAS/JBoss] - LdapExtLoginModule.java bug? Blank password login successful
Is it me or is it a bug? I tried to log in with a username that exists in LDAP but with a BLANK password. The login was successful.

login-config.xml configuration as below:

    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://127.0.0.1:389</module-option>
      <module-option name="bindDN">cn=Directory Manager</module-option>
      <module-option name="bindCredential">password</module-option>
      <module-option name="baseCtxDN">ou=People,o=domain.com</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=Groups,o=domain.com</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
    </login-module>

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4126004#4126004
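The blank-password report above and the earlier useFirstPass suggestion for database role lookup, combined in one policy as an added example (not part of the original posts or of the JBoss distribution). The policy name example-ldap-db, the datasource java:/DefaultDS and the Roles table are assumptions; the LDAP options are the poster's own.

```xml
<!-- Constructed example for login-config.xml; values marked "assumed" are not from the posts. -->
<application-policy name="example-ldap-db"> <!-- assumed policy name -->
  <authentication>
    <!-- Step 1: LDAP authenticates. Kept "required" so a failed bind fails the login. -->
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <!-- Reject zero-length passwords. Many directories treat a simple bind
           with a DN and an empty password as an unauthenticated (anonymous)
           bind and report success, which is the behaviour seen in the post. -->
      <module-option name="allowEmptyPasswords">false</module-option>
      <!-- Publish the validated username and password to sharedState for step 2. -->
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="java.naming.provider.url">ldap://127.0.0.1:389</module-option>
      <module-option name="bindDN">cn=Directory Manager</module-option>
      <module-option name="bindCredential">password</module-option>
      <module-option name="baseCtxDN">ou=People,o=domain.com</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=Groups,o=domain.com</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
    </login-module>
    <!-- Step 2: the database module reuses the identity from sharedState
         instead of checking a password itself, then runs rolesQuery. -->
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="dsJndiName">java:/DefaultDS</module-option> <!-- assumed datasource -->
      <!-- assumed table and column names -->
      <module-option name="rolesQuery">SELECT Role, 'Roles' FROM Roles WHERE PrincipalID=?</module-option>
    </login-module>
  </authentication>
</application-policy>
```

After deploying, a login with a valid uid and an empty password should be rejected by the first module.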
[jboss-user] [Security JAAS/JBoss] - Re: Custom Authenticator class not found
Actually I tried that after posting this topic, but got the same error.

I edited run.bat to include the jar file:

    -classpath %JBOSS_CLASSPATH%;C:\jbosscustauth.jar

Error as below:

    2008-01-07 11:02:38,796 ERROR [org.jboss.web.tomcat.security.config.JBossContextConfig] Failed to customize authenticators::
    java.lang.ClassNotFoundException: TestAuthenticator
        at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
        at java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:575)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
        at org.jboss.web.tomcat.security.config.JBossContextConfig.getAuthenticators(JBossContextConfig.java:108)

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4117426#4117426
[jboss-user] [Security JAAS/JBoss] - Re: Custom Authenticator class not found
Found the problem to be the compiler JDK version. Referring to http://wiki.jboss.org/wiki/Wiki.jsp?page=DeterminingClassVersionFromADotClassFile I found the bytecode major version to be JDK 1.5. Compiled again with 1.4 and the problem is gone.

Strange, though, that the error was not java.lang.UnsupportedClassVersionError.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4117440#4117440
[jboss-user] [Security JAAS/JBoss] - Custom Authenticator class not found
JBOSS 4.0.5GA

Wrote a similar Authenticator to GenericHeaderAuthenticator (http://wiki.jboss.org/wiki/Wiki.jsp?page=GenericHeaderBasedAuthentication) and placed the jar file at

    jboss-4.0.5.GA\server\default\deploy\jbossweb-tomcat55.sar

However, JBoss can't find it, throwing the error

    java.lang.ClassNotFoundException: TestAuthenticator

Tried to place it at

    jboss-4.0.5.GA\server\default\lib
    jboss-4.0.5.GA\lib

but JBoss does not find it there either. Even tried to place the class file inside

    jboss-4.0.5.GA\server\default\deploy\jbossweb-tomcat55.sar\tomcat55-service.jar

Where should I place the custom authenticator in order for JBoss to find it?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4116962#4116962
[jboss-user] [Security JAAS/JBoss] - What version of jbosssx JBOSS 5.0 beta2 is using?
What version of jbosssx/spiJ is JBOSS AS 5.0 beta2 using?

I am using the jbosssx framework 2.0.0 GA binaries and source. The code does not compile well with the jar binaries bundled with JBOSS 5.0 Beta2, while the 2.0.0 binaries do not run on JBOSS 5.0 Beta 2. (I'm writing the pluggable authorization module, org.jboss.security.authorization.modules)

How should I go about it?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4095992#4095992
[jboss-user] [Security JAAS/JBoss] - Re: Support for Authorization Modules
Got some reply. 4.0.x does not support Authorization Modules.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4048816#4048816
[jboss-user] [Security JAAS/JBoss] - Support for Authorization Modules
From the jbosssx project, I found that what I need to create is a module like the ones under

    org.jboss.security.authorization.modules
    org.jboss.security.authorization.modules.web/ejb

However, I did not find this package in JBoss Application Server version 4.0.5 GA's jbosssx.jar.

Is the roadmap for supporting these authorization modules just for JBoss AS 5.x only? Or is there a plan to support it with 4.0.x? Or is it already supported with 4.0.5?

Thanks.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4047513#4047513