[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2009-07-11 Thread rathinaganesh
Thanks Wolfgang. I really appreciate your concern to help me.
Can anyone else help me?

Thanks,
Ganesh.

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=4243092#4243092

___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2009-07-09 Thread Wolfgang Knauf
Hi,

I have to admit I don't know SSO; I have used only simple login modules up to 
now.
Digging around the docs, I found that 
org.jboss.security.idm.UsernameAndPasswordLoginModule uses a provider 
attribute ( 
http://fisheye.jboss.org/viewrep/JBossSSO/dev/trunk/components/jboss_identity_management/src/main/org/jboss/security/idm/UsernameAndPasswordLoginModule.java
 ). If this is not present, it takes the default provider from a 
jboss.sso:service=IdentityManager MBean. Did you change anything there?

Maybe you could enhance the TRACE logging so that the LoginProvider logging is 
output, too.

But I fear I cannot help you much further.

Wolfgang

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=4242546#4242546



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2009-07-07 Thread rathinaganesh
Thanks Wolfgang. 
I did turn on the log and got the following message.


  | 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Security domain: jboss-sso
  | 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Saw unauthenticatedIdentity=guest
  | 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
  | 2009-07-07 11:14:31,290 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] initialize, instan...@21101046
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Security domain: jboss-sso
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Saw unauthenticatedIdentity=guest
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
  | 2009-07-07 11:14:31,321 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.plugins.JaasSecurityManager.jboss-sso] Login failure
  | javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
  | at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
  | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  | at java.lang.reflect.Method.invoke(Method.java:585)
  | 

I guess the jboss-sso.sar is connecting to the OpenDS LDAP server. However, in 
the test application EAR file, it is not validating the password correctly.
You have mentioned something about the DynamicLoginConfig. I am using the 
DynamicLoginConfig, as you can see in jboss-service.xml in the 
jboss-sso-test.ear file:


  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>
  |    <!-- hooking in a login module for the standalone version of JSF Forums -->
  |    <!-- The custom JAAS login configuration that installs
  |         a Configuration capable of dynamically updating the
  |         config settings
  |    -->
  |    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  |       name="jboss.security.tests:service=LoginConfig">
  |       <attribute name="AuthConfig">META-INF/security-config.xml</attribute>
  |       <depends optional-attribute-name="LoginConfigService">
  |          jboss.security:service=XMLLoginConfig
  |       </depends>
  |       <depends optional-attribute-name="SecurityManagerService">
  |          jboss.security:service=JaasSecurityManager
  |       </depends>
  |    </mbean>
  | </server>
  | 

For the DynamicLoginConfig, the following is the AuthConfig I am using.
I am not sure if this is correct. BTW, I did not modify anything in the 
jboss-sso-test.ear file after building it from the JBoss trunk.


  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |   "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |   "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
  | security domain used by the security-spec test case
  | -->
  | <policy>
  | <application-policy name="jboss-sso">
  |    <authentication>
  |      <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |         <module-option name="unauthenticatedIdentity">guest</module-option>
  |         <module-option name="password-stacking">useFirstPass</module-option>
  |         <!--<module-option name="hashAlgorithm">MD5</module-option>
  |         <module-option name="hashEncoding">HEX</module-option>-->
  |         <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  |      </login-module>
  |      <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |         <module-option name="unauthenticatedIdentity">guest</module-option>
  |         <module-option name="password-stacking">useFirstPass</module-option>
  |         <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  |      </login-module>
  |   </authentication>
  | </application-policy>
  | </policy>
  | 

Do I need to do something in 
JBOSS_HOME/server/default/conf/login-config.xml?
Or is it trying to use the encrypted password or something?
Did someone get this jboss-sso-test.ear working?

Thanks,
Ganesh.

View the original post : 

[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2009-06-30 Thread Wolfgang Knauf
Hi Ganesh,

did you verify that your login module is used by JBoss? Did you activate 
logging of the security layer (follow the sticky post "FAQ - READ THIS BEFORE 
POSTING" in this forum, question 4 in the FAQ)?

Maybe you just did not post it, but I think you need a DynamicLoginConfig so 
that JBoss will find your own security-config.xml: 
http://www.jboss.org/community/wiki/DynamicLoginConfig

Hope this helps

Wolfgang

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=4240950#4240950



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2009-06-29 Thread rathinaganesh
Greetings,

I am trying to do the same thing: install Federated SSO and test it.
I am using 
JBoss-4.2.2.GA on Windows XP
OpenDS-1.2.0 on FreeBSD
I have set up OpenDS for the testuser login.
Previously, I got the error that testuser is not activated. So I took the 
source from the trunk mentioned above, updated the trunk and built the SSO SAR 
and EAR files.

The security-config.xml inside the jboss-sso-test.ear\META-INF looks like this


  | 
  | <!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
  | security domain used by the security-spec test case
  | -->
  | <policy>
  | <application-policy name="jboss-sso">
  |    <authentication>
  |      <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |         <module-option name="unauthenticatedIdentity">guest</module-option>
  |         <module-option name="password-stacking">useFirstPass</module-option>
  |         <!--<module-option name="hashAlgorithm">MD5</module-option>
  |         <module-option name="hashEncoding">HEX</module-option>-->
  |         <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  |      </login-module>
  |      <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |         <module-option name="unauthenticatedIdentity">guest</module-option>
  |         <module-option name="password-stacking">useFirstPass</module-option>
  |         <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  |      </login-module>
  |   </authentication>
  | </application-policy>
  | </policy>
  | 
  | 


The sso.cfg.xml file under jboss-sso.sar looks like this

  | 
  | <login>
  | <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.HashAlgorithmRemoverLDAPIdentityProvider">
  | <property name="connectionURL">
  | jdbc:ldap://10.10.60.4:389/dc=jboss,dc=com?SEARCH_SCOPE:=subTreeScope&amp;secure:=false&amp;concat_atts:=true&amp;size_limit:=1000
  | </property>
  | <property name="username">uid=admin,dc=jboss,dc=com</property>
  | <property name="password">jbossrocks</property>
  | <property name="identityOu">People</property>
  | <property name="roleOu">roles</property>
  | </provider>
  | </login>
  | 
  | 

and this is how it looks in ldapsearch:


  | /usr/local/OpenDS-1.2.0/bin/ldapsearch -s sub -b "cn=testuser,ou=People,dc=jboss,dc=com" "(objectclass=*)"
  | dn: cn=testuser,ou=People,dc=jboss,dc=com
  | objectClass: person
  | objectClass: inetOrgPerson
  | objectClass: organizationalPerson
  | objectClass: top
  | mail: [EMAIL PROTECTED]
  | uid: test
  | cn: testuser
  | displayName: Test User
  | sn: true
  | 


When I try to use testuser and secret as login and password, I get "login 
failed" on the JSP. I am not getting any errors in the JBoss server log.
In the OpenDS log, I see the following messages.


  | 
  | [29/Jun/2009:11:19:54 -0700] CONNECT conn=176 from=10.10.1.145:3241 to=10.10.60.4:389 protocol=LDAP
  | [29/Jun/2009:11:19:54 -0700] BIND REQ conn=176 op=0 msgID=19 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
  | [29/Jun/2009:11:19:54 -0700] BIND RES conn=176 op=0 msgID=19 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
  | [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=176 op=1 msgID=20 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn"
  | [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=176 op=1 msgID=20 result=0 nentries=1 etime=2
  | [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=176 op=2 msgID=21
  | [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=176 reason="Client Unbind"
  | [29/Jun/2009:11:19:54 -0700] CONNECT conn=177 from=10.10.1.145:3242 to=10.10.60.4:389 protocol=LDAP
  | [29/Jun/2009:11:19:54 -0700] BIND REQ conn=177 op=0 msgID=22 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
  | [29/Jun/2009:11:19:54 -0700] BIND RES conn=177 op=0 msgID=22 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
  | [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=177 op=1 msgID=23 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,givenName,displayName,o,employeeType,title,postalAddress,mail,telephoneNumber"
  | [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=177 op=1 msgID=23 result=0 nentries=1 etime=1
  | [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=177 op=2 msgID=24
  | [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=177 reason="Client Unbind"
  | [29/Jun/2009:11:19:54 -0700] CONNECT conn=178 from=10.10.1.145:3243 to=10.10.60.4:389 protocol=LDAP
  | [29/Jun/2009:11:19:54 -0700] BIND REQ conn=178 op=0 msgID=25 type=SIMPLE 
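
The OpenDS access log above, read the way a defender would: the following Python summariser is an added example, my own code rather than anything from the original post, JBoss SSO or OpenDS. It groups the lines per LDAP connection and reports which bind DN asked for the userPassword attribute. The sample lines are constructed from the excerpt above (quotes restored in the OpenDS style, one search per connection). It makes explicit what the log already shows: the SSO provider binds with the service account from sso.cfg.xml and reads the stored password value to compare it on the JBoss side; no BIND as the user cn=testuser ever appears.

```python
"""Summarise an OpenDS access log per LDAP connection to see how the SSO
provider authenticates users.  Added example for this thread, my own code,
not part of JBoss SSO or OpenDS."""

import re
from collections import OrderedDict

# Constructed from the excerpt Ganesh posted: two connections, one search each.
SAMPLE_LOG = """\
[29/Jun/2009:11:19:54 -0700] CONNECT conn=176 from=10.10.1.145:3241 to=10.10.60.4:389 protocol=LDAP
[29/Jun/2009:11:19:54 -0700] BIND REQ conn=176 op=0 msgID=19 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
[29/Jun/2009:11:19:54 -0700] BIND RES conn=176 op=0 msgID=19 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
[29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=176 op=1 msgID=20 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn"
[29/Jun/2009:11:19:54 -0700] SEARCH RES conn=176 op=1 msgID=20 result=0 nentries=1 etime=2
[29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=176 op=2 msgID=21
[29/Jun/2009:11:19:54 -0700] DISCONNECT conn=176 reason="Client Unbind"
[29/Jun/2009:11:19:54 -0700] CONNECT conn=177 from=10.10.1.145:3242 to=10.10.60.4:389 protocol=LDAP
[29/Jun/2009:11:19:54 -0700] BIND REQ conn=177 op=0 msgID=22 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
[29/Jun/2009:11:19:54 -0700] BIND RES conn=177 op=0 msgID=22 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
[29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=177 op=1 msgID=23 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,givenName,displayName,o,employeeType,title,postalAddress,mail,telephoneNumber"
[29/Jun/2009:11:19:54 -0700] SEARCH RES conn=177 op=1 msgID=23 result=0 nentries=1 etime=1
[29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=177 op=2 msgID=24
[29/Jun/2009:11:19:54 -0700] DISCONNECT conn=177 reason="Client Unbind"
"""

# "[timestamp] OPERATION conn=N rest..."; OPERATION is e.g. CONNECT, BIND REQ,
# SEARCH RES, UNBIND REQ or DISCONNECT.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] (?P<op>[A-Z]+(?: REQ| RES)?) conn=(?P<conn>\d+)(?P<rest>.*)$')
# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Return {'ts', 'op', 'conn', 'fields'} for one access-log line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {}
    for key, whole, quoted, bare in KV_RE.findall(m.group("rest")):
        fields[key] = quoted if whole.startswith('"') else bare
    return {"ts": m.group("ts"), "op": m.group("op"),
            "conn": m.group("conn"), "fields": fields}


def summarise(log_text):
    """Group lines by connection: who bound, whether the bind succeeded,
    and which searches (base + requested attributes) were issued."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        c = conns.setdefault(rec["conn"],
                             {"bind_dn": None, "bind_ok": None, "searches": []})
        f = rec["fields"]
        if rec["op"] == "BIND REQ":
            c["bind_dn"] = f.get("dn")
        elif rec["op"] == "BIND RES":
            c["bind_ok"] = f.get("result") == "0"
        elif rec["op"] == "SEARCH REQ":
            attrs = f.get("attrs", "")
            c["searches"].append({"base": f.get("base"),
                                  "attrs": attrs.split(",") if attrs else []})
    return conns


def password_hash_reads(conns):
    """(conn, bind_dn, search base) for every search that asked for
    userPassword: the client is fetching the stored value to compare it
    locally instead of binding as the user."""
    hits = []
    for conn, c in conns.items():
        for s in c["searches"]:
            if any(a.lower() == "userpassword" for a in s["attrs"]):
                hits.append((conn, c["bind_dn"], s["base"]))
    return hits


def user_binds(conns, service_dn):
    """Bind DNs other than the service account; an empty list means no user
    ever authenticated to the directory directly."""
    return [c["bind_dn"] for c in conns.values()
            if c["bind_dn"] and c["bind_dn"] != service_dn]


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for hit in password_hash_reads(summary):
        print("userPassword read on conn=%s by %s for %s" % hit)
    print("user binds:", user_binds(summary, "uid=admin,dc=jboss,dc=com"))
```

Two consequences follow for anyone running this setup. The uid=admin account in sso.cfg.xml must be able to read userPassword, so that file and that credential deserve the same protection as the directory itself. And a wrong password never produces a failed BIND in the OpenDS log; it shows up only on the application side, as the "Bad password for username=..." DEBUG line in the JBoss trace posted in this thread, so monitoring for password guessing has to watch the JBoss security log rather than the directory's.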

[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-05-10 Thread yyovkov
Hi again, 

again it is a little bit different. I compiled the trunk successfully, but I am 
not sure which package contains JBoss SSO, so I am not able to proceed with the test.

This is the list of files in output-jars:
jboss-federation-server.ear
jboss-federation-server.jar
jboss-federation-server.sar
jboss-federation-server.war
jboss-identity-management.jar
jboss-saml.jar
jboss-security-common.jar
jboss-sso-portal.jar
jboss-sso-test.ear
jboss-sso-tomcat5.jar
test.war

Which one should be deployed to test LDAP connection?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4149944#4149944



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-05-10 Thread salaboy21
BE SURE TO UPDATE YOUR TRUNK BEFORE FOLLOWING THESE STEPS

If you configure trunk/components/build/local.properties 
with your deploy directory and your JBoss install dir..
then you can
run ant installSSO in trunk/components/build 
and all that you need will be copied to your deploy directory...

Then you need to go to trunk/components/jboss_federation_server
and run ant deploy-exploded

At this point you have jboss-sso.sar and jboss_federation_server.ear
in your deploy directory...
Now all you need is to copy from trunk/components/output-jars/ 
the file called jboss-sso-test.ear to your deploy directory
and you can test SSO with LDAP

BE SURE TO UPDATE YOUR TRUNK BEFORE FOLLOWING THESE STEPS

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4149950#4149950



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-05-09 Thread yyovkov
Hi Sohil, 

thank you, this really works.

I will report in a short time (a few days) whether the new version works fine with LDAP.

Regards,
Yovko Yovkov

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4149839#4149839



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-05-01 Thread yyovkov
hi salaboy21, 
unfortunately there are a lot of Java class dependencies which I cannot deal 
with. I am not able to compile this Java source myself and test it.
When can we expect to have a compiled binary version of the packages?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4148088#4148088



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-05-01 Thread [EMAIL PROTECTED]
Try this-

Do an svn checkout: svn co http://anonsvn.jboss.org/repos/jboss-sso/dev/trunk

then go to trunk/components/build

and type ant clean main

This should create all the binaries you need under trunk/component/output-jars

Hope this helps

Thanks

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4148090#4148090



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-30 Thread yyovkov
Hi salaboy21, 
is there any progress with this issue? 
Should I log the bug in jira?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4147984#4147984



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-30 Thread salaboy21
Yeap.. I have fixed this bug... 
you must download and compile SSO from the trunk.. I can help you to do this...
and test it with any DS.. 
Let me know if you are using the trunk version (you must do an update)...
Then you must find a new class named 
HashAlgorithmRemoverLDAPIdentityProvider.java..
this class is the solution to this problem..

Let me know if something goes wrong...
I recommend you to only try local sign-on with this class..
because another fix is needed for cross-domain sign-on.. (I already wrote this 
but have not
done the commit yet...)

Thanks!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4147995#4147995



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-30 Thread salaboy21
I wrote these steps in my personal blog... (but unfortunately they are in Spanish)
But I think you can figure out how to install JBoss SSO with some basic 
(language-neutral)
steps like:
1) Check out the sources with an svn client (apt-get install subversion (or 
svn))

svn co http://anonsvn.jboss.org/repos/jboss-sso/dev/trunk/

2) edit the file local.properties
vi local.properties

change:


deploy.dir=default
jboss.home=/home//jboss-4.2.2.GA

3) then compile in
jboss-sso/components/build/
Run:

ant installSSO

and in:
../jboss_federation_server/

ant deploy-exploded

These are the basics...
then look in my blog for the next configuration steps..
ask me in my blog if you don't understand something..
http://salaboy.wordpress.com/2008/03/31/jboss-sso-tune-in-development-draft/

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4148016#4148016



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-30 Thread yyovkov
Hi salaboy21, 

can you give me some basic steps for how to download and compile SSO from trunk? I 
do not have such experience. But I want to test LDAP interoperability.

Thank you for your effort!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4148014#4148014



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-12 Thread yyovkov
Hi Salaboy21:

1. Yes, I have commented out the hash algorithm line. To be sure that it is 
commented out in the proper way, I removed it from the file.
2. I did the same with hash encoding.
3. Here is the password: {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==

This is how it looks in all LDAP servers: {HASHMechanism}Values...
So you should be aware of that. This is useful if you do not know which hash 
algorithm is used to encode the password. In other words, you do not need to 
specify which hash the users' passwords use; you can take this field from 
LDAP and work with the proper hash algorithm for any user, because there is 
the possibility that one user's password uses MD5 and another's SHA-1...


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4143624#4143624



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-11 Thread yyovkov
Hi Salaboy, 

thank you for the information about the test application. 
Unfortunately I did not succeed.
As I am a complete beginner in Java, can you show me how the settings 
must look when the LDAP is set up to store the passwords as an MD5 hash?

Thank you in advance!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4143550#4143550



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-11 Thread salaboy21
If you use Fedora DS and it only saves the password as MD5, try to 
configure it to store it in plain format...
Today I'm doing the integration with OpenDS and I found a bug with hashed 
passwords in a cross-domain test...

If you are trying only to sign on to one domain, your configuration in the test 
application will be something like this:

  | <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  | 
  | <module-option name="unauthenticatedIdentity">guest</module-option>
  | 
  | <module-option name="password-stacking">useFirstPass</module-option>
  | 
  | <!--<module-option name="hashAlgorithm">MD5</module-option>-->
  | 
  | <module-option name="hashUserPassword">true</module-option>
  | <module-option name="hashStorePassword">false</module-option>
  | 
  | <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  | 
  |  </login-module>

Note the value of hashUserPassword (true): it causes that, if you enter 
the password in plain text in the form, the LoginModule hashes this password with the 
specified algorithm and then compares it with the password stored in Fedora DS.

Let me know if this configuration works for you! 


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4143556#4143556



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-11 Thread yyovkov
Hi salaboy21, 

here is my security-config.xml
--- cut ---
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
  "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  "http://www.jboss.org/j2ee/dtd/security_config.dtd">

<!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
security domain used by the security-spec test case
-->

<application-policy name="jboss-sso">

  <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
    <module-option name="unauthenticatedIdentity">guest</module-option>
    <module-option name="password-stacking">useFirstPass</module-option>
    <!--<module-option name="hashAlgorithm">MD5</module-option>
    <module-option name="hashEncoding">HEX</module-option>-->

    <module-option name="hashUserPassword">true</module-option>
    <module-option name="hashStorePassword">false</module-option>

    <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  </login-module>
  <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
    <module-option name="unauthenticatedIdentity">guest</module-option>
    <module-option name="password-stacking">useFirstPass</module-option>
    <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  </login-module>

</application-policy>

--- cut ---

I am still not able to connect to Fedora DS. I have also tried to connect to an 
OpenLDAP server, but with the user's password changed to be MD5 hashed, not 
plaintext. It also did not work.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4143566#4143566



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-11 Thread salaboy21
First of all.. 

  |  <!--<module-option name="hashAlgorithm">MD5</module-option>
  | <module-option name="hashEncoding">HEX</module-option>--> 
  | 
  | 

did you comment out the hash algorithm?? (with <!-- -->) 
second, try to remove the hash encoding property.. 
and third.. browse your LDAP store.. and show me (post it here) your hashed 
password with MD5.. 

I'm thinking that you possibly have the same problem that I have with OpenDS.. 
(OpenDS uses a schema that appends the hash algorithm used to the hashed password. 
Ex: {SHA}jk432lkj432j4j32l432.. do you see something like this in Fedora DS?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4143581#4143581



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-06 Thread salaboy21
change the configuration in the jboss-sso-test.ear/META-INF/security-config.xml


  | <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  | 
  | <module-option name="unauthenticatedIdentity">guest</module-option>
  | 
  | <module-option name="password-stacking">useFirstPass</module-option>
  | 
  | <!--<module-option name="hashAlgorithm">SHA-1</module-option>-->
  | 
  | <module-option name="hashUserPassword">false</module-option>
  | <module-option name="hashStorePassword">false</module-option>
  | 
  | <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  | 
  |  </login-module>
  | 
Pay attention to the hashAlgorithm, hashUserPassword and hashStoredPassword. 
Here is where you specify which password needs to be hashed and what algorithm 
you must use...
This file is inside the jboss-sso-test.ear.. so you must explode the file to 
change it easily.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141893#4141893



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-06 Thread aamonten
take a look at http://www.jboss.com/index.html?module=bbop=viewtopict=133123 
If you have doubts about how to use it, please do not post it at the Design of 
security forum, do it here.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141942#4141942



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-05 Thread yyovkov
Hi all, 

I believe I found where the problem with JBoss SSO and Fedora Directory 
Server (FDS) is. Here is a short explanation:

When using LDAP and you set a user password, the OpenLDAP server stores the password 
as plaintext. But FDS always stores this value as a hashed string (SSHA, MD5 
and so on). So it means that the authentication module should be aware of how the 
password is stored.

Btw, is JBoss SSO actively being developed or not?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141859#4141859

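
The storage formats discussed in this post and in the earlier ones about the {MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ== and {SHA}... values, as an added example that is not code from the original thread or from JBoss SSO: a Python verifier of my own that reads the RFC 2307 style {SCHEME} prefix from a userPassword value and hashes the candidate password the way that value requires, which is the behaviour hashUserPassword=true asks the login module for. SAMPLE_MD5 is the value yyovkov posted; the scheme names, the fail-closed handling and the constant-time comparison are mine, and the {SSHA} value is generated at run time rather than taken from the page. The MD5 value verifies against the test password "secret" that Ganesh's 2009 post also uses.

```python
"""Verify a password against an LDAP userPassword value with an RFC 2307
style scheme prefix ({MD5}, {SHA}, {SMD5}, {SSHA}) or no prefix (cleartext).
Added example for this thread, my own code, not JBoss SSO code."""

import base64
import hashlib
import hmac
import os

# Value yyovkov posted in the thread; every other value used below is
# constructed at run time.
SAMPLE_MD5 = "{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ=="

# Raw digest length per scheme; a salted scheme carries the salt after the digest.
DIGEST_LEN = {"MD5": 16, "SMD5": 16, "SHA": 20, "SSHA": 20}
SALTED = {"SMD5", "SSHA"}


def parse_user_password(stored):
    """Split '{SCHEME}payload' into (scheme, payload).  A value without a
    prefix is treated as CLEAR, which is how an OpenLDAP server stores a
    password that was set without hashing."""
    if stored.startswith("{") and "}" in stored:
        close = stored.index("}")
        return stored[1:close].upper(), stored[close + 1:]
    return "CLEAR", stored


def hash_for_scheme(scheme, password, salt=b""):
    """Digest of password (bytes) for the given scheme; the salt is appended
    for the salted variants, matching how SSHA/SMD5 values are built."""
    if scheme in ("MD5", "SMD5"):
        return hashlib.md5(password + salt).digest()
    if scheme in ("SHA", "SSHA"):
        return hashlib.sha1(password + salt).digest()
    raise ValueError("unsupported scheme: %s" % scheme)


def verify_password(candidate, stored):
    """True if candidate matches the stored userPassword value.  Unknown
    schemes and malformed values fail closed (never fall back to a
    plaintext compare)."""
    scheme, payload = parse_user_password(stored)
    pw = candidate.encode("utf-8")
    if scheme == "CLEAR":
        return hmac.compare_digest(pw, payload.encode("utf-8"))
    if scheme not in DIGEST_LEN:
        return False
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    n = DIGEST_LEN[scheme]
    digest, salt = raw[:n], raw[n:]
    if len(digest) != n or (salt and scheme not in SALTED):
        return False
    return hmac.compare_digest(hash_for_scheme(scheme, pw, salt), digest)


def make_user_password(scheme, password, salt=None):
    """Build a stored value in the same format, e.g. to seed a test directory."""
    if scheme == "CLEAR":
        return password
    if scheme in SALTED:
        salt = os.urandom(8) if salt is None else salt
    else:
        salt = b""
    digest = hash_for_scheme(scheme, password.encode("utf-8"), salt)
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


if __name__ == "__main__":
    print(parse_user_password(SAMPLE_MD5))
    print(verify_password("secret", SAMPLE_MD5))
    ssha = make_user_password("SSHA", "secret")
    print(ssha, verify_password("secret", ssha), verify_password("wrong", ssha))
```

Two design points worth keeping when this logic lives in a login module. Detecting the scheme per value, as yyovkov describes, is what lets one directory hold MD5 entries next to SHA-1 or SSHA entries, and it is safer than a single configured hashAlgorithm because a mismatch fails rather than silently comparing the wrong thing. And because the module has to read the stored value to do this, unsalted MD5 or SHA entries are exposed to offline guessing by anyone who can read userPassword; preferring SSHA, or authenticating by binding as the user so the hash is never fetched, removes that exposure.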


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread yyovkov
Thank you aamonten, but if it is not secret, what does it mean:
sn=true

To put it into user dn? Or ??? 

Please, do not hide the truth.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141719#4141719



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread aamonten
Actually I do not have a lot of experience with LDAP, so I'm not sure if sn has a 
special meaning. But by looking at the source I discovered that it checks: if 
sn=true the account is activated; anything different from true and it would be 
deactivated.

regards
Alejandro

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141726#4141726



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread aamonten
yyovkov wrote : Thank you aamonten, but if it is not secret, what does it 
mean:
  | sn=true
  | 
  | To put it into user dn? Or ??? 
  | 
  | Please, do not hide the truth.

Sorry, I didn't understand exactly what your question was. Take a look at 
thomascremers' LDAP schema above in the thread.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141729#4141729



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread yyovkov
I found what you wanted to say.
The user entry should contain:
--- cut ---
dn: cn=Test User,ou=People, dc=foo,dc=bar
...
sn: true
...
--- cut ---

I put that in, and the error "user not activated" in the JBoss output did not appear, 
but the web interface is still not able to check the password:
 Login Failed..

How can I use another attribute, different from sn, to mark a user as active?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141736#4141736



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread yyovkov
I found what you wanted to say.
The user entry should contain:
--- cut ---
dn: cn=Test User,ou=People, dc=foo,dc=bar
...
sn: true
...
--- cut ---

I put that in, and the error "user not activated" in the JBoss output did not appear, 
but the web interface is still not able to check the password:
 Login Failed..

Which file contains the requirement that sn should be set to true? Yes, 
this field is dedicated to other information. If this is hardcoded, we have to 
inform the developers.

aamonten, thank you for your help!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141737#4141737



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread salaboy21
sn in LDAP means Surname, but it seems that the developers use that field to 
indicate whether the account is activated or not, so if you set this value to 
true in the LDAP schema file your account will be activated.. I think that the 
developers use this field because it is a standard field in all LDAP directory 
servers.
 

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141744#4141744



[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread yyovkov
OK, salaboy21.
That is good, but even with that, the SSO test application doesn't work.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141748#4141748


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread salaboy21
Another thing that you could look at is the user name in sso.cfg.xml;
mine for OpenLDAP is 
cn=admin,dc=nodomain 
look for the dc=nodomain 
And yes .. sn is hardcoded 
look at the following lines in LDAPLoginProvider.java: 

  | String cour = rs.getString("sn");
  | boolean active = (new Boolean(cour)).booleanValue();
  |


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141750#4141750


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread salaboy21
With which LDAP server are you working?
And what schema are you using? 
Because you must set the following variables: 


  | <property name="username">cn=admin,dc=nodomain</property>
  | 
  | <property name="password">password</property>
  | 
  | <property name="identityOu">People</property>
  | 
  | <property name="roleOu">roles</property>
  | 

where roles and People must be an organizationalUnit (OU) in your schema.


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141753#4141753


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread aamonten
Yes, it is hard coded at org.jboss.security.idm.ldap.LDAPIdentityProvider; this 
is the snippet where the active property is set:


  | String cour = rs.getString("sn");
  | boolean active = (new Boolean(cour)).booleanValue();
  | String pass  = rs.getString("userPassword");
  | 
  | String givenName = rs.getString("givenName");
  | String companyName = rs.getString("o");
  | String companyRole = rs.getString("employeeType");
  | String companyTitle = rs.getString("title");
  | String postalAddress = rs.getString("postalAddress");
  | 
  | //populate the identity
  | identity = new Identity();
  | identity.setUserName(cn);
  | identity.setPassword(pass.getBytes());
  | identity.setActive(active);
  | 

At this moment Mauricio (Salaboy21) and I are working on adding features and 
fixing bugs, so we will consider these, but we need to discuss it with Sohil Shah, 
who is the owner of the project.
I will contact him.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141755#4141755


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread yyovkov
I am currently trying to set up Fedora Directory Server, but I have also tested 
with OpenLDAP. Yes, the fields are set up properly; I checked the LDAP logs and 
the server responds correctly ... 
But the web application does not understand. Did you succeed in logging in to the test app?

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141757#4141757


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread salaboy21
Yes... with OpenLDAP and OpenDS.. with different configurations.
Here is my schema for OpenLDAP. 

  | # Base
  | dn: dc=nodomain
  | # the dc attribute has to carry the RDN value of the entry
  | dc: nodomain
  | objectClass: top
  | objectClass: dcObject
  | objectClass: organization
  | o: No Domain
  | 
  | 
  | # People ou where we attach the users 
  | dn: ou=People, dc=nodomain
  | ou: People
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # A basic inetOrgPerson
  | dn: cn=user,ou=People, dc=nodomain
  | # sn holds the activation flag the provider expects, not a surname
  | sn: true
  | userPassword: secret
  | mail: [EMAIL PROTECTED]
  | displayName: user
  | objectClass: top
  | objectClass: person
  | objectClass: organizationalPerson
  | objectClass: inetOrgPerson
  | uid: test
  | cn: user
  | 
  | # The ou where we attach roles/groups 
  | dn: ou=roles, dc=nodomain
  | ou: roles
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # A test group member of roles ou
  | dn: cn=TestGroup,ou=roles, dc=nodomain
  | ou: TestGroup
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | # uniqueMember takes the member's full DN
  | uniqueMember: cn=user,ou=People,dc=nodomain
  | cn: TestGroup
  | 


Also I remember that I had to explode the jboss-sso-test.ear and change the 
configuration in jboss-sso-test.ear/META-INF/security-config.xml

to: 

  | <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  | 
  |     <module-option name="unauthenticatedIdentity">guest</module-option>
  | 
  |     <module-option name="password-stacking">useFirstPass</module-option>
  | 
  |     <!--<module-option name="hashAlgorithm">SHA-1</module-option>-->
  | 
  |     <module-option name="hashUserPassword">false</module-option>
  |     <module-option name="hashStorePassword">false</module-option>
  | 
  |     <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  | 
  | </login-module>

Hope it helps! Let me know if you have some troubles!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141758#4141758


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread aamonten
yyovkov wrote : I am currently trying to set up Fedora Directory Server. But 
  | I have also tested with OpenLDAP. Yes, the fields are set up properly; I checked 
  | the LDAP logs and the server responds correctly ... 
  | But the web application does not understand. Did you succeed in logging in to the test 
  | app?

Yes, we did it both with OpenLDAP and OpenDS.. please look at your log file to see if 
there are any problems.

JBOSS_HOME/server/default/logs/server.log

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141759#4141759


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread yyovkov
First, thank you for your attention.

Here is the log from the JBoss server during an unsuccessful login:
--- cut ---
 Apr 2008 00:14:13
2008-04-05 00:14:13,931 DEBUG [com.arjuna.ats.arjuna.logging.arjLogger] AtomicActionRecoveryModule: Second pass 
2008-04-05 00:14:13,931 DEBUG [com.arjuna.ats.txoj.logging.txojLoggerI18N] [com.arjuna.ats.internal.txoj.recovery.TORecoveryModule_6] - TORecoveryModule - second pass
2008-04-05 00:14:13,931 DEBUG [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.info.secondpass] Local XARecoveryModule - second pass
--- cut ---

And here is the LDAP log:
--- cut ---
[05/Apr/2008:00:14:03 +0300] conn=66 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Apr/2008:00:14:03 +0300] conn=66 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[05/Apr/2008:00:14:03 +0300] conn=66 op=1 SRCH base="cn=Test User,ou=People,dc=yyovkov,dc=net" scope=2 filter="(objectClass=*)" attrs="cn"
[05/Apr/2008:00:14:03 +0300] conn=66 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[05/Apr/2008:00:14:03 +0300] conn=66 op=2 UNBIND
[05/Apr/2008:00:14:03 +0300] conn=66 op=2 fd=67 closed - U1
[05/Apr/2008:00:14:03 +0300] conn=67 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[05/Apr/2008:00:14:03 +0300] conn=67 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Apr/2008:00:14:03 +0300] conn=67 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[05/Apr/2008:00:14:03 +0300] conn=67 op=1 SRCH base="cn=Test User,ou=People,dc=yyovkov,dc=net" scope=2 filter="(objectClass=*)" attrs="cn sn userPassword givenName displayName o employeeType title postalAddress mail telephoneNumber"
[05/Apr/2008:00:14:03 +0300] conn=67 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[05/Apr/2008:00:14:03 +0300] conn=67 op=2 UNBIND
[05/Apr/2008:00:14:03 +0300] conn=67 op=2 fd=68 closed - U1
[05/Apr/2008:00:14:03 +0300] conn=68 fd=67 slot=67 connection from 127.0.0.1 to 127.0.0.1
[05/Apr/2008:00:14:03 +0300] conn=68 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Apr/2008:00:14:03 +0300] conn=68 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[05/Apr/2008:00:14:03 +0300] conn=68 op=1 SRCH base="cn=Test User,ou=People,dc=yyovkov,dc=net" scope=2 filter="(objectClass=*)" attrs="cn"
[05/Apr/2008:00:14:03 +0300] conn=68 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[05/Apr/2008:00:14:03 +0300] conn=68 op=2 UNBIND
[05/Apr/2008:00:14:03 +0300] conn=68 op=2 fd=67 closed - U1
[05/Apr/2008:00:14:03 +0300] conn=69 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[05/Apr/2008:00:14:03 +0300] conn=69 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Apr/2008:00:14:03 +0300] conn=69 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[05/Apr/2008:00:14:03 +0300] conn=69 op=1 SRCH base="cn=Test User,ou=People,dc=yyovkov,dc=net" scope=2 filter="(objectClass=*)" attrs="cn sn userPassword givenName displayName o employeeType title postalAddress mail telephoneNumber"
[05/Apr/2008:00:14:03 +0300] conn=69 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[05/Apr/2008:00:14:03 +0300] conn=69 op=2 UNBIND
[05/Apr/2008:00:14:03 +0300] conn=69 op=2 fd=68 closed - U1

--- cut ---

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141763#4141763
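The access log above, as an added example that is not part of the original post and not JBoss SSO code: a small Python parser that groups 389/Fedora Directory Server access-log lines by connection and pairs each BIND and SRCH with its RESULT through the (conn, op) pair the server stamps on both. Run over the first two connections from the log (embedded below; the other two repeat the same pattern, and the quotes 389 DS writes around DN, filter and attrs values are restored), it makes explicit what the log already shows but is easy to miss: every connection binds as cn=Directory Manager, the second search pulls userPassword out of the user's entry, and no connection ever binds as cn=Test User. The password is therefore compared inside the application from the attribute it read, not verified by the directory, so the bind account configured in sso.cfg.xml needs read access to userPassword and whatever is stored in that attribute (cleartext or a hash) is what the application compares against. The regular expressions are assumptions drawn from these lines, not a complete access-log grammar.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# The first two connections from the access log posted above (the other two
# repeat the same pattern), with the quotes 389 DS writes around values restored.
LOG = """\
[05/Apr/2008:00:14:03 +0300] conn=66 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Apr/2008:00:14:03 +0300] conn=66 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[05/Apr/2008:00:14:03 +0300] conn=66 op=1 SRCH base="cn=Test User,ou=People,dc=yyovkov,dc=net" scope=2 filter="(objectClass=*)" attrs="cn"
[05/Apr/2008:00:14:03 +0300] conn=66 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[05/Apr/2008:00:14:03 +0300] conn=66 op=2 UNBIND
[05/Apr/2008:00:14:03 +0300] conn=66 op=2 fd=67 closed - U1
[05/Apr/2008:00:14:03 +0300] conn=67 fd=68 slot=68 connection from 127.0.0.1 to 127.0.0.1
[05/Apr/2008:00:14:03 +0300] conn=67 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[05/Apr/2008:00:14:03 +0300] conn=67 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[05/Apr/2008:00:14:03 +0300] conn=67 op=1 SRCH base="cn=Test User,ou=People,dc=yyovkov,dc=net" scope=2 filter="(objectClass=*)" attrs="cn sn userPassword givenName displayName o employeeType title postalAddress mail telephoneNumber"
[05/Apr/2008:00:14:03 +0300] conn=67 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[05/Apr/2008:00:14:03 +0300] conn=67 op=2 UNBIND
[05/Apr/2008:00:14:03 +0300] conn=67 op=2 fd=68 closed - U1
"""

# Assumed line shapes, taken from the lines above rather than from a full grammar.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" scope=\d+ filter="[^"]*" attrs="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+) tag=\d+ nentries=(\d+)')


@dataclass
class Conn:
    bind_dn: Optional[str] = None                  # identity that authenticated this connection
    bind_err: Optional[int] = None                 # LDAP result code of that BIND (0 = success)
    searches: list = field(default_factory=list)   # {"base", "attrs", "nentries"} per SRCH


def parse_access_log(text):
    """Group access-log lines by connection number, pairing each BIND/SRCH with
    its RESULT line through the (conn, op) pair present on both."""
    conns, pending = {}, {}
    for line in text.splitlines():
        if m := BIND_RE.search(line):
            conn, op, dn = m.groups()
            conns.setdefault(conn, Conn()).bind_dn = dn
            pending[(conn, op)] = "BIND"
        elif m := SRCH_RE.search(line):
            conn, op, base, attrs = m.groups()
            conns.setdefault(conn, Conn()).searches.append(
                {"base": base, "attrs": attrs.split(), "nentries": None})
            pending[(conn, op)] = "SRCH"
        elif m := RESULT_RE.search(line):
            conn, op, err, nentries = m.groups()
            c = conns.setdefault(conn, Conn())
            kind = pending.pop((conn, op), None)
            if kind == "BIND":
                c.bind_err = int(err)
            elif kind == "SRCH" and c.searches:
                c.searches[-1]["nentries"] = int(nentries)
    return conns


def user_bind_seen(conns, user_dn):
    """True if any connection bound as the end user's own DN, i.e. the directory
    itself verified the password."""
    return any((c.bind_dn or "").lower() == user_dn.lower() for c in conns.values())


def password_reads(conns, admin_dn):
    """Connections on which the admin bind read userPassword from an entry: the
    application, not the directory, is doing the password comparison."""
    return [conn for conn, c in conns.items()
            if (c.bind_dn or "").lower() == admin_dn.lower()
            and any("userPassword" in s["attrs"] for s in c.searches)]


if __name__ == "__main__":
    conns = parse_access_log(LOG)
    for conn, c in conns.items():
        print(conn, c.bind_dn, c.bind_err, [(s["base"], s["nentries"], s["attrs"]) for s in c.searches])
    print("bound as the user:", user_bind_seen(conns, "cn=Test User,ou=People,dc=yyovkov,dc=net"))
    print("userPassword read by admin on:", password_reads(conns, "cn=Directory Manager"))
```

The `user_bind_seen` / `password_reads` pair is the check to keep if you monitor a directory: a service that authenticates users by binding as them produces a BIND with the user's DN, whereas an admin bind followed by a userPassword read on a user entry is the signature of an application that compares passwords itself.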


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread yyovkov
Hm ... I think I found where the problem is. The user cn=user... doesn't have 
sufficient rights to read the directory. So I will change the settings in the 
directory tree and will post the result here. Probably tomorrow.

Thank you for your help!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141772#4141772


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread [EMAIL PROTECTED]
Alejandro and Mauricio are correct.

The LDAPIdentityProvider is designed to use the inetOrgPerson schema, which is 
standard LDAP schema.

However, I think the use of cn and sn in its current implementation is not 
correct.

I would prefer to use uid instead of cn, and I am still not sure how to represent 
the activation field.

Using sn is confusing.

I initially used these since the LDAP repo that I was connecting with had the 
data set up that way.

However, it's time the out-of-the-box LDAP impl moved away from those semantics 
and used uid and something else for representing account activation.

Part of the reason I have not changed it is also keeping backward 
compatibility with existing users who have set up their LDAP repo based on this 
impl.

I think the cleanest approach will be to leave this LDAPIdentityProvider impl as 
is, and introduce a new one that maps the data in a more standard manner.

I apologize for the confusion that the hackish usage of 'sn' created ;)

If I were Hillary Clinton then I would say I mis-coded ;)

Thanks




View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141802#4141802


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-04 Thread [EMAIL PROTECTED]
Guys-

You can track this issue here: http://jira.jboss.com/jira/browse/JBSSO-37

Until then, when using the out-of-the-box impl, make sure the 'sn' field in your 
repo is used to hold a 'true' or 'false' value that indicates whether an 
account is activated or not.

You can of course create your own IdentityProvider or extend this one to fit 
whatever schema you have set up in your environment.

Thanks


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4141804#4141804


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-04-02 Thread aamonten
tamilnandhu wrote : Hi buddy,
  | 
  | Thanks for the post.
  | 
  | 
  | I tested with your post and was able to create users in LDAP (verified with 
  | an LDAP browser) and tried to run the test login page which comes with the 
  | jboss-sso-1.0CR1 package..
  | 
  | When I gave the user created (TestUser) in LDAP, it says login failed. When 
  | I look at the JBoss server command prompt, it says "The user has not been 
  | activated-TestUser", something like this.
  | 
  | But when I gave the admin or Directory Manager users, it simply says Login 
  | Failed and no error on the JBoss command prompt..
  | 
  | I looked at the ldap.log file; there I found some entries showing that 
  | JBoss searched for the user TestUser (nearly 3 to 5 times).
  | 
  | Please tell me why this error comes and give me a solution to resolve this 
  | one.
  | 
  | 
  | 

Set sn=true; that will activate the user.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=414#414


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-03-30 Thread yyovkov
I have the same problem - when I try to log on to the test application I 
receive an error: "The specified account has not been activated".
My question here is: what does it mean and how can I activate the user?

@tamilnandhu:
About the error for user admin: The user admin is specified in 
dc=foo,dc=bar, not in ou=People, dc=foo,dc=bar. So, for the application 
this user does not exist.

Regards!

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4139933#4139933


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-03-28 Thread tamilnandhu
Hi buddy,

Thanks for the post.


I tested with your post and was able to create users in LDAP (verified with an LDAP 
browser) and tried to run the test login page which comes with the 
jboss-sso-1.0CR1 package..

When I gave the user created (TestUser) in LDAP, it says login failed. When I 
look at the JBoss server command prompt, it says "The user has not been 
activated-TestUser", something like this.

But when I gave the admin or Directory Manager users, it simply says Login 
Failed and no error on the JBoss command prompt..

I looked at the ldap.log file; there I found some entries showing that JBoss 
searched for the user TestUser (nearly 3 to 5 times).

Please tell me why this error comes and give me a solution to resolve this one.




View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4139555#4139555


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2008-03-28 Thread tamilnandhu
Hi,

Also, please tell me the purpose of the SSO Trust Server.



Thanks,
Nandhu.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4139557#4139557


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2007-04-17 Thread thomascremers
I have been on a big quest as well to get this working. The documentation leaves 
a lot to be desired, but here is what I did to get it working.

First a basic LDAP schema

  | # Base
  | dn: dc=foo,dc=bar
  | dc: foo
  | objectClass: top
  | objectClass: dcObject
  | objectClass: organization
  | o: Foo Bar
  | 
  | # Ldap admin user
  | dn: cn=admin, dc=foo,dc=bar
  | # single colon: a cleartext value ("::" would mean a base64-encoded value)
  | userPassword: secret
  | description: LDAP administrator
  | objectClass: simpleSecurityObject
  | objectClass: organizationalRole
  | cn: admin
  | 
  | # People ou where we attach the users 
  | dn: ou=People, dc=foo,dc=bar
  | ou: People
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # A basic inetOrgPerson
  | dn: cn=Test User,ou=People, dc=foo,dc=bar
  | # NB: the 2008 replies in this thread show the provider reads sn as the
  | # activation flag, so a real surname here leaves the account "not activated"
  | sn: Test
  | userPassword: secret
  | mail: [EMAIL PROTECTED]
  | displayName: Test User
  | objectClass: top
  | objectClass: person
  | objectClass: organizationalPerson
  | objectClass: inetOrgPerson
  | uid: test
  | cn: Test User
  | 
  | # The ou where we attach roles/groups 
  | dn: ou=roles, dc=foo,dc=bar
  | ou: roles
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # A test group member of roles ou
  | dn: cn=TestGroup,ou=roles, dc=foo,dc=bar
  | ou: TestGroup
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | # uniqueMember takes the member's full DN
  | uniqueMember: cn=Test User,ou=People,dc=foo,dc=bar
  | cn: TestGroup
  | 

Now the important part is of course the jboss-sso.sar/conf/sso.cfg.xml file. 
For the LDAP schema above this would look like this:


  | <?xml version='1.0' encoding='ISO-8859-1'?>
  | 
  | <jboss-sso>
  |     <identity-management>
  |         <login>
  |             <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.LDAPIdentityProvider">
  |                 <property name="connectionURL">jdbc:ldap://ldap.domain.com:389/dc=foo,dc=bar?SEARCH_SCOPE:=subTreeScope&amp;secure:=false&amp;concat_atts:=true&amp;size_limit:=1000</property>
  |                 <property name="username">cn=admin,dc=foo,dc=bar</property>
  |                 <property name="password">secret</property>
  |                 <!-- ou that contains all your inetOrgPersons -->
  |                 <property name="identityOu">People</property>
  |                 <!-- ou that contains your groups -->
  |                 <property name="roleOu">roles</property>
  |             </provider>
  |         </login>
  |         <!--<login>
  |             <provider id="si:jboss-sso:demo:login" class="org.jboss.security.idm.demo.DemoLoginProvider"/>
  |         </login>-->
  |     </identity-management>
  |     <sso-processor>
  |         <processor class="org.jboss.security.saml.JBossSingleSignOn">
  |             <!-- Conf this to your sso jboss server -->
  |             <property name="trustServer">http://sso-jboss.domain.com:8080/federate/trust</property>
  |         </processor>
  |     </sso-processor>
  | </jboss-sso>
  |  

Really important here is to verify that you have set identityOu and roleOu to 
the right values. If there is an error here you will get "No such object" jdbc 
errors, which of course is an LDAP error telling you it can't find the ou. I use 
OpenLDAP and set the loglevel property to 265, which makes debugging jboss-sso a 
whole lot easier. 

If you tail the LDAP log and start the SSO service you should see jboss-sso 
connecting and scanning in the roles. If so, and you can confirm the SSO startup 
in the JBoss server.log, you are done.

Hope this helps



View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4037902#4037902
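Putting together aamonten's LDAPIdentityProvider snippet earlier in the thread (cn as the user name, sn read through `new Boolean(cour).booleanValue()` as the activation flag, userPassword stored verbatim with `identity.setPassword(pass.getBytes())`) and the identityOu/roleOu layout of the sso.cfg.xml above, here is an added Python check that is not code from JBoss SSO or from any poster: it reads an LDIF export and reports, for every entry somebody might try to log in as, whether the out-of-the-box provider would accept it and why not. The LDIF inside it is constructed from the entries posted in this thread (the 2007 cn=Test User entry with a real surname, salaboy21's cn=user entry with sn: true, and the cn=admin entry that lives outside ou=People, which is why logging in as admin fails) plus one invented entry with a hashed userPassword to show that case. The base DN, OU names, the placeholder hash value and the `java_boolean` mirror of the Java call are assumptions; `java_boolean` follows the documented semantics of `new Boolean(String)`, which is true only for the string "true" ignoring case.

```python
LDIF = """\
# Constructed from the entries posted in this thread (dc=foo,dc=bar layout).
dn: cn=admin,dc=foo,dc=bar
userPassword: secret
objectClass: simpleSecurityObject
cn: admin

# thomascremers' entry: a real surname, which the provider reads as "inactive"
dn: cn=Test User,ou=People, dc=foo,dc=bar
sn: Test
userPassword: secret
objectClass: inetOrgPerson
cn: Test User

# salaboy21's entry: sn abused as the activation flag
dn: cn=user,ou=People,dc=foo,dc=bar
sn: true
userPassword: secret
objectClass: inetOrgPerson
cn: user

# invented entry: active, but the password is stored hashed (placeholder value)
dn: cn=hashed,ou=People,dc=foo,dc=bar
sn: true
userPassword: {SSHA}placeholderNotARealHash
objectClass: inetOrgPerson
cn: hashed

dn: cn=TestGroup,ou=roles,dc=foo,dc=bar
objectClass: groupOfUniqueNames
uniqueMember: cn=Test User,ou=People,dc=foo,dc=bar
uniqueMember: cn=user,ou=People,dc=foo,dc=bar
cn: TestGroup
"""


def norm_dn(dn):
    """Lower-case a DN and drop the spaces after commas ("ou=People, dc=foo")."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def parse_ldif(text):
    """Minimal LDIF reader -> list of (dn, {attr: [values]}).  Handles '#'
    comments only: no continuation lines, base64 ('::') values or changetypes."""
    entries, attrs, dn = [], {}, None
    for line in text.splitlines() + [""]:      # trailing "" flushes the last entry
        line = line.rstrip()
        if line.startswith("#"):
            continue
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name, []).append(value.strip())
    return entries


def java_boolean(value):
    """Mirror of `new Boolean(s).booleanValue()`: true only for the string
    "true" in any case; a real surname or a missing sn comes out false."""
    return value is not None and value.lower() == "true"


def check_entries(entries, base_dn, identity_ou, role_ou):
    """{dn: {"errors": [...], "warnings": [...]}} for every entry that carries a
    userPassword, i.e. anything somebody might try to log in as."""
    people = norm_dn(f"ou={identity_ou},{base_dn}")
    roles = norm_dn(f"ou={role_ou},{base_dn}")
    members = {norm_dn(m) for dn, a in entries if norm_dn(dn).endswith("," + roles)
               for m in a.get("uniqueMember", [])}
    report = {}
    for dn, attrs in entries:
        if "userPassword" not in attrs:
            continue
        errors, warnings = [], []
        if norm_dn(dn).partition(",")[2] != people:
            errors.append(f"not directly under ou={identity_ou}, where the provider looks for users")
        sn = attrs.get("sn", [None])[0]
        if not java_boolean(sn):
            errors.append(f"sn is {sn!r}; the provider needs sn: true to treat the account as active")
        if "inetOrgPerson" not in attrs.get("objectClass", []):
            errors.append("not an inetOrgPerson, the schema the provider reads its attributes from")
        if attrs["userPassword"][0].startswith("{"):
            warnings.append("userPassword is stored hashed; identity.setPassword(pass.getBytes()) "
                            "keeps it verbatim, so the login module's hash options must match it")
        if norm_dn(dn) not in members:
            warnings.append(f"not a uniqueMember of any group under ou={role_ou}")
        report[dn] = {"errors": errors, "warnings": warnings}
    return report


if __name__ == "__main__":
    for dn, r in check_entries(parse_ldif(LDIF), "dc=foo,dc=bar", "People", "roles").items():
        print(dn, "->", r["errors"] or "OK", r["warnings"])
```

Run against a real export (`ldapsearch -LLL ... > users.ldif`, then `parse_ldif(open("users.ldif").read())`), the three error classes map directly onto the failures reported in this thread: "not activated" is the sn check, "login failed" with no server-side message for admin or Directory Manager is the identityOu check, and a hashed userPassword is the case where the directory would verify the password fine but the application's own comparison will not.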


[jboss-user] [Security JAAS/JBoss] - Re: Single Sign On with LDAP Examples

2007-04-13 Thread JavaWings
dittos

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=4037225#4037225