[jboss-user] [Security & JAAS/JBoss] - Re: Role Authorization problem with Custom Authenticator

brengl do-not-reply at jboss.com
Tue Feb 17 09:01:39 EST 2009


vparmar, I had forgotten that I made this inquiry; it seems you found a really old post. I appreciate the response though.

What I ended up doing here was creating a custom LoginModule instead of an Authenticator class. That ended up doing what I needed. The way I set it up was to require that an HTTP server with a valid Siteminder agent be in front of JBoss as a reverse proxy. My LoginModule would then take the encrypted SMSESSION cookie from the HTTP server and I could validate it with the Siteminder Policy Server and retrieve identity and authorization information from the Policy Server in order to create a user Principal. If there is no valid SMSESSION cookie present, the login fails.

This doesn't create a true Siteminder 'agent' for JBoss, but it does allow integration with Siteminder through a reverse proxy. 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210690#4210690

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210690
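
A sketch of the LoginModule approach described in the message above, added as an example; it is not the poster's code and uses no Siteminder API. SessionValidator, SessionCookieCallback, NamedPrincipal and the "validatorClass" option are hypothetical names standing in for the Policy Server call and for however the container hands the cookie to the module. It fails closed: a missing cookie, a validation error or a rejected session all end in a failed login.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SmSessionLoginModule implements LoginModule {
    /** Hypothetical wrapper around the Policy Server check; returns null if the session is invalid. */
    public interface SessionValidator { Identity validate(String smsession) throws Exception; }
    public record Identity(String user, Set<String> roles) {}
    public record NamedPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    /** Hypothetical callback; the container-side handler fills in the SMSESSION cookie value. */
    public static class SessionCookieCallback implements Callback { public String value; }

    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private Identity identity;
    private final Set<Principal> added = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    public boolean login() throws LoginException {
        SessionCookieCallback cb = new SessionCookieCallback();
        try {
            handler.handle(new Callback[] { cb });
            if (cb.value == null || cb.value.isEmpty())
                throw new FailedLoginException("no SMSESSION cookie");
            SessionValidator v = (SessionValidator) Class.forName((String) options.get("validatorClass"))
                    .getDeclaredConstructor().newInstance();
            identity = v.validate(cb.value);       // identity and roles come from the validator only
        } catch (LoginException e) { throw e;
        } catch (Exception e) { throw new FailedLoginException("SMSESSION validation error"); }
        if (identity == null) throw new FailedLoginException("SMSESSION rejected");
        return true;
    }
    public boolean commit() {
        if (identity == null) return false;
        added.add(new NamedPrincipal(identity.user()));
        // Assumption: roles as plain principals; the form a container expects is container-specific.
        identity.roles().forEach(r -> added.add(new NamedPrincipal(r)));
        return subject.getPrincipals().addAll(added);
    }
    public boolean abort() { identity = null; return true; }
    public boolean logout() {
        subject.getPrincipals().removeAll(added);
        added.clear(); identity = null;
        return true;
    }
}
```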


