[jboss-user] [Security & JAAS/JBoss] - Re: Single Sign On with LDAP Examples

rathinaganesh do-not-reply at jboss.com
Tue Jul 7 15:06:04 EDT 2009


Thanks Wolfgang. 
I did turn on the log and got the following message.


  | 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Security domain: jboss-sso
  | 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Saw unauthenticatedIdentity=guest
  | 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
  | 2009-07-07 11:14:31,290 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] initialize, instance=@21101046
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Security domain: jboss-sso
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] Saw unauthenticatedIdentity=guest
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
  | 2009-07-07 11:14:31,321 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.plugins.JaasSecurityManager.jboss-sso] Login failure
  | javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
  | 	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
  | 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  | 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  | 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  | 	at java.lang.reflect.Method.invoke(Method.java:585)
  | 

I guess the jboss-sso.sar is connecting to the OpenDS LDAP server. However, in the test application ear file, it is not validating the password correctly.
You have mentioned something about the DynamicLoginConfig. I am using the DynamicLoginConfig, as you can see in the jboss-sso-test.ear file under jboss-service.xml.


  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>   
  |    <!-- hooking in a login module for the standalone version of JSF Forums -->
  |     <!-- The custom JAAS login configuration that installs 
  |        a Configuration capable of dynamically updating the
  |        config settings
  |    -->
  |    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  |       name="jboss.security.tests:service=LoginConfig">
  |       <attribute name="AuthConfig">META-INF/security-config.xml</attribute>
  |       <depends optional-attribute-name="LoginConfigService">
  |          jboss.security:service=XMLLoginConfig
  |       </depends>
  |       <depends optional-attribute-name="SecurityManagerService">
  |          jboss.security:service=JaasSecurityManager
  |       </depends>
  |    </mbean>
  | </server>
  | 

For the DynamicLoginConfig, the following is the AuthConfig I am using.
I am not sure if this is correct. BTW, I did not modify anything in the jboss-sso-test.ear file after building from the jboss trunk.


  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
  | security domain used by the security-spec test case
  | -->
  | <policy>
  |     <application-policy name="jboss-sso">       
  |        <authentication>
  |          <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |             <module-option name="unauthenticatedIdentity">guest</module-option>                        
  |             <module-option name="password-stacking">useFirstPass</module-option>           
  |             <!--module-option name="hashAlgorithm">MD5</module-option>
  |             <module-option name="hashEncoding">HEX</module-option-->
  |             <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>             
  |          </login-module>
  |          <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |             <module-option name="unauthenticatedIdentity">guest</module-option>                        
  |             <module-option name="password-stacking">useFirstPass</module-option> 
  |             <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>          
  |          </login-module>
  |       </authentication>
  |     </application-policy>
  | </policy>
  | 

Do I need to do something in the <JBOSS_HOME>/server/default/conf/login-config.xml?
Or is it trying to use the encrypted password or something?
Did someone get this jboss-sso-test.ear working?

Thanks,
Ganesh.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4242283#4242283
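
Added example, not part of the original post: the trace above shows two "Bad password" DEBUG lines (one per stacked login-module entry in the posted policy) but a single JaasSecurityManager "Login failure" verdict, so a failed-login counter built on the module lines would double-count. The sketch below counts both ways; `failed_attempts` and `SAMPLE` are hypothetical names, and correlating by line order assumes a non-interleaved (single-thread) trace like the one posted.

```python
import re
from collections import Counter

# Lines copied from the trace in the post above (forum "  | " prefix kept).
SAMPLE = """\
  | 2009-07-07 11:14:31,243 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
  | 2009-07-07 11:14:31,290 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
  | 2009-07-07 11:14:31,290 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] login
  | 2009-07-07 11:14:31,321 DEBUG [org.jboss.security.idm.UsernameAndPasswordLoginModule] Bad password for username=tester
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.idm.UsernameAndPasswordLoginModule] abort
  | 2009-07-07 11:14:31,321 TRACE [org.jboss.security.plugins.JaasSecurityManager.jboss-sso] Login failure
  | javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
"""

# timestamp, level, [log category], message; the forum's "  | " prefix is optional
LINE = re.compile(
    r"^\s*\|?\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([^\]]+)\] (.*)$")
BAD_PW = re.compile(r"^Bad password for username=(\S+)$")
MANAGER = "org.jboss.security.plugins.JaasSecurityManager."


def failed_attempts(log_text):
    """Return (attempts, module_rejections).

    attempts: one count per JaasSecurityManager 'Login failure' line,
              keyed by (security_domain, username).
    module_rejections: one count per login-module DEBUG line, keyed by username.
    """
    attempts, rejections = Counter(), Counter()
    pending = []  # usernames rejected by modules since the last manager verdict
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # exception text, stack frames, blank lines
        category, message = m.group(3), m.group(4).strip()
        bad = BAD_PW.match(message)
        if bad:
            rejections[bad.group(1)] += 1
            pending.append(bad.group(1))
        elif category.startswith(MANAGER) and message == "Login failure":
            domain = category[len(MANAGER):]  # suffix is the security domain
            for user in set(pending) or {"<unknown>"}:
                attempts[(domain, user)] += 1
            pending.clear()
    return attempts, rejections
```

On the posted trace this yields one failed attempt for `tester` in domain `jboss-sso` and two module-level rejections, which is the figure a lockout or brute-force threshold should not be keyed on.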
