[jboss-user] [Security & JAAS/JBoss] - Re: Single Sign On with LDAP Examples
rathinaganesh
do-not-reply at jboss.com
Tue Jul 7 15:06:04 EDT 2009
Thanks Wolfgang.
I did turn on the log and got the following message.
| 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Security domain: jboss-sso
| 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Saw unauthenticatedIdentity=guest
| 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
| 2009-07-07 11:14:31,290 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
| 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] initialize, instance=@21101046
| 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Security domain: jboss-sso
| 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Saw unauthenticatedIdentity=guest
| 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
| 2009-07-07 11:14:31,321 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
| 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
| 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
| 2009-07-07 11:14:31,321 TRACE [org.jboss.security.plugins.JaasSecurityManager.jboss-sso] Login failure
| javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
| at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
|
I guess, the jboss-sso.sar is connecting to the OpenDS ldap server. However, in the test application ear file, it is not validating the password correctly.
You have mentioned something about the DynamicLoginConfig. I am using the DynamicLoginConfig, as you can see in the jboss-sso-test.ear file under jboss-service.xml
| <?xml version="1.0" encoding="UTF-8"?>
| <server>
| <!-- hooking in a login module for the standalone version of JSF Forums -->
| <!-- The custom JAAS login configuration that installs
| a Configuration capable of dynamically updating the
| config settings
| -->
| <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
| name="jboss.security.tests:service=LoginConfig">
| <attribute name="AuthConfig">META-INF/security-config.xml</attribute>
| <depends optional-attribute-name="LoginConfigService">
| jboss.security:service=XMLLoginConfig
| </depends>
| <depends optional-attribute-name="SecurityManagerService">
| jboss.security:service=JaasSecurityManager
| </depends>
| </mbean>
| </server>
|
For the DynamicLoginConfig, the following is the AuthConfig, I am using.
I am not sure, if this is correct. BTW, I did not modify anything in the jboss-sso-test.ear file, after building from the jboss trunk.
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
| "-//JBoss//DTD JBOSS Security Config 3.0//EN"
| "http://www.jboss.org/j2ee/dtd/security_config.dtd">
|
| <!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
| security domain used by the security-spec test case
| -->
| <policy>
| <application-policy name="jboss-sso">
| <authentication>
| <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| <!--module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="hashEncoding">HEX</module-option-->
| <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
| </login-module>
| <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
| </login-module>
| </authentication>
| </application-policy>
| </policy>
|
Do, I need to do something in the <JBOSS_HOME>/server/default/conf/login-config.xml
Or is it trying to use the encrypted password or something.
Did someone get this jboss-sso-test.ear working?
Thanks,
Ganesh.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4242283#4242283
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4242283
More information about the jboss-user
mailing list