[
https://issues.jboss.org/browse/AS7-5180?page=com.atlassian.jira.plugin.s...
]
Hisanobu Okuda updated AS7-5180:
--------------------------------
Description:
I configured <jaas> for management interface in host.xml of domain mode as follow:-
{code:xml}
<security-realm name="ldap_security_realm">
<authentication>
<jaas name="managementLDAPDomain"/>
</authentication>
</security-realm>
</security-realms>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management"
port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket interface="management"
port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
{code}
And added security-domain in domain.xml as follow:-
{code:xml}
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="managementLDAPDomain">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="required">
<module-option name="java.naming.factory.initial"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url"
value="ldap://dhcp-107.winlab.fab.redhat.com:389"/>
<module-option name="java.naming.security.authentication"
value="simple"/>
<module-option name="bindDN"
value="cn=Administrator,cn=users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com"/>
...
{code}
But, an authentication failed and I got a message "The web console could not be
loaded. Authentication required." in the console. It seems that host.xml need to have
security-domain section similar to standalone.xml. "-jaas" of JVM option does
not work as well.
was:
I configured <jaas> for management interface in host.xml of domain mode as follow:-
{code:xml}
<security-realm name="ldap_security_realm">
<authentication>
<jaas name="managementLDAPDomain"/>
</authentication>
</security-realm>
</security-realms>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management"
port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket interface="management"
port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
...
(skip)
...
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="managementLDAPDomain">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="required">
<module-option name="java.naming.factory.initial"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url"
value="ldap://dhcp-107.winlab.fab.redhat.com:389"/>
<module-option name="java.naming.security.authentication"
value="simple"/>
<module-option name="bindDN"
value="cn=Administrator,cn=users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com"/>
...
{code}
But, an authentication failed and I got a message "The web console could not be
loaded. Authentication required." in the console. It seems that host.xml need to have
security-domain section similar to standalone.xml. "-jaas" of JVM option does
not work as well.
Forum Reference:
https://community.jboss.org/message/747913 (was:
https://community.jboss.org/message/747913)
jaas tag for management interface does not work in domain mode
--------------------------------------------------------------
Key: AS7-5180
URL:
https://issues.jboss.org/browse/AS7-5180
Project: Application Server 7
Issue Type: Bug
Components: Console, Security
Affects Versions: 7.1.2.Final (EAP)
Reporter: Hisanobu Okuda
Assignee: Heiko Braun
Labels: eap6
I configured <jaas> for management interface in host.xml of domain mode as
follow:-
{code:xml}
<security-realm name="ldap_security_realm">
<authentication>
<jaas name="managementLDAPDomain"/>
</authentication>
</security-realm>
</security-realms>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management"
port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket interface="management"
port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
{code}
And added security-domain in domain.xml as follow:-
{code:xml}
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="managementLDAPDomain">
<authentication>
<login-module
code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="required">
<module-option name="java.naming.factory.initial"
value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url"
value="ldap://dhcp-107.winlab.fab.redhat.com:389"/>
<module-option name="java.naming.security.authentication"
value="simple"/>
<module-option name="bindDN"
value="cn=Administrator,cn=users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com"/>
...
{code}
But, an authentication failed and I got a message "The web console could not be
loaded. Authentication required." in the console. It seems that host.xml need to have
security-domain section similar to standalone.xml. "-jaas" of JVM option does
not work as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira