[seam-issues] [JBoss JIRA] Commented: (JBSEAM-4452) Enable LdapIdentityStore to access LDAP via SSL

Shane Bryzak (JIRA) jira-events at lists.jboss.org
Thu Feb 10 04:23:46 EST 2011


    [ https://issues.jboss.org/browse/JBSEAM-4452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12581317#comment-12581317 ] 

Shane Bryzak commented on JBSEAM-4452:
--------------------------------------

The easiest way to work around this issue at the moment is to create a new class called MyLdapIdentityStore (or whatever), copy the code exactly from LdapIdentityStore and modify the initialiseContext() method to support SSL as suggested above. This class has actually been removed from Seam 3 (and replaced by equivalent functionality in PicketLink), which is why this issue has not received priority.

> Enable LdapIdentityStore to access LDAP via SSL
> -----------------------------------------------
>
>                 Key: JBSEAM-4452
>                 URL: https://issues.jboss.org/browse/JBSEAM-4452
>             Project: Seam
>          Issue Type: Feature Request
>    Affects Versions: 2.2.0.GA
>         Environment: Ubuntu 9.04, JBoss AS 5.1.0 GA
>            Reporter: Marco Brizi
>            Assignee: Shane Bryzak
>              Labels: identitystore, ldap, ssl
>         Attachments: stacktrace.log
>
>
> The current LdapIdentityStore offers good support for integrating an LDAP repository. Unfortunately, at the moment, there is no configuration to access it via SSL.
> The minimum support could be done by adding a new boolean attribute (e.g. ssl-enabled) in the ldap-identity-store element to offer the possibility to choose secure communication or not.
> I've tried to implement this extension by changing security-2.2.xsd and the LdapIdentityStore class.
> In the second file my work has been on the new attribute getter/setter and on the initialiseContext(String principal, String credentials) method, just adding the following lines:
>   String ldapProtocol = "ldap";
>   if (isSslEnabled()) {
>       ldapProtocol = "ldaps";
>       env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
>   }
>   String providerUrl = String.format("%s://%s:%d", ldapProtocol, getServerAddress(), getServerPort());
> In addition, getting the server certificate and setting -Djavax.net.ssl.trustStore=/path/to/keystore in JAVA_OPTS is needed.
> At the moment I'm able to initiate communication with the secure LDAP server, but Identity.authenticate causes a "javax.security.auth.login.LoginException: Login Failure: all modules ignored".
> The complete stacktrace is attached to the issue.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
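
The JNDI settings discussed in this thread, as an added stand-alone example that is not part of the original message and is not Seam's LdapIdentityStore code. The class and method names, host, port and bind DN are assumptions made up for illustration; no connection is opened, and the trust store check only reports whether the javax.net.ssl.trustStore setting mentioned in the issue is present and readable.

```java
import java.io.File;
import java.util.Properties;
import javax.naming.Context;

// Added example: hypothetical helper class, not taken from Seam.
public class LdapsEnvExample {

    // Builds the JNDI environment for a plain or an SSL-protected LDAP bind.
    static Properties buildEnvironment(boolean sslEnabled, String host, int port,
                                       String principal, String credentials) {
        Properties env = new Properties();
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
        env.setProperty(Context.SECURITY_PRINCIPAL, principal);
        env.setProperty(Context.SECURITY_CREDENTIALS, credentials);

        // Same switch as in the issue: scheme and security protocol change together.
        String protocol = "ldap";
        if (sslEnabled) {
            protocol = "ldaps";
            env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
        }
        env.setProperty(Context.PROVIDER_URL,
                String.format("%s://%s:%d", protocol, host, port));
        return env;
    }

    // Returns null when the trust store setting looks usable, otherwise the reason.
    static String trustStoreProblem() {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) {
            return "javax.net.ssl.trustStore is not set; the JVM default trust store is used";
        }
        if (!new File(path).canRead()) {
            return "trust store is not readable: " + path;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample values (assumptions), not values from the issue.
        Properties env = buildEnvironment(true, "ldap.example.org", 636,
                "uid=app,ou=services,dc=example,dc=org", "placeholder-password");
        System.out.println(env.getProperty(Context.PROVIDER_URL));
        System.out.println("security protocol: " + env.getProperty(Context.SECURITY_PROTOCOL));
        String problem = trustStoreProblem();
        System.out.println(problem == null ? "trust store OK" : problem);
        // To connect, pass env to new javax.naming.directory.InitialDirContext(env).
    }
}
```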