[jboss-user] [Security & JAAS/JBoss] - Re: Single Sign On with LDAP Examples

salaboy21 do-not-reply at jboss.com
Fri Apr 11 17:39:38 EDT 2008


If you are using Fedora DS and it only saves the password in MD5, try to configure it to store it in plain format...
Today I'm doing the integration with OpenDS and I found a bug with hashed passwords in a cross-domain test...

If you are only trying to sign up in one domain, your configuration in the test application will be something like this:

<login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
    <module-option name="unauthenticatedIdentity">guest</module-option>
    <module-option name="password-stacking">useFirstPass</module-option>
    <!--module-option name="hashAlgorithm">MD5</module-option-->
    <module-option name="hashUserPassword">true</module-option>
    <module-option name="hashStorePassword">false</module-option>
    <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
</login-module>

Note the value of hashUserPassword (true): it means that if you enter the password in plain text in the form, the LoginModule hashes this password with the specified algorithm and then compares it with the password stored in Fedora DS.

Let me know if this configuration works for you!


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4143556#4143556
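
Added example (not part of the original post and not JBoss code): a small Python model of the comparison described above, showing which hashUserPassword / hashStorePassword combinations match a directory that stores MD5 versus one that stores plain text. The function names, the base64 digest encoding, and the rule that nothing is hashed when hashAlgorithm is unset are assumptions of this example.

```python
import base64
import hashlib
import hmac


def encode_hash(password, algorithm):
    """Base64 of the raw digest (assumed encoding; hex is the other common choice)."""
    digest = hashlib.new(algorithm.lower(), password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def credentials_match(form_password, stored_value, hash_algorithm=None,
                      hash_user_password=True, hash_store_password=False):
    """Model of the comparison described in the post.

    Assumption: with no hashAlgorithm configured, neither side is hashed.
    """
    presented, expected = form_password, stored_value
    if hash_algorithm:
        if hash_user_password:      # hash what the user typed in the form
            presented = encode_hash(presented, hash_algorithm)
        if hash_store_password:     # hash what came back from the directory
            expected = encode_hash(expected, hash_algorithm)
    # Constant-time comparison of the two final strings.
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


def flag_matrix(form_password, stored_value, hash_algorithm):
    """Result for every (hashUserPassword, hashStorePassword) combination."""
    return {(u, s): credentials_match(form_password, stored_value, hash_algorithm, u, s)
            for u in (True, False) for s in (True, False)}


if __name__ == "__main__":
    password = "s3cret-example"     # constructed sample value
    stores = {"MD5 in directory": encode_hash(password, "MD5"),
              "plain text in directory": password}
    for label, stored in stores.items():
        for (u, s), ok in flag_matrix(password, stored, "MD5").items():
            print(f"{label:24} hashUserPassword={u!s:5} hashStorePassword={s!s:5} -> {ok}")
```

In this model only one combination matches a hashed store (hashUserPassword=true, hashStorePassword=false), while a plain-text store matches when both flags are true or both are false.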
