[
https://jira.jboss.org/jira/browse/JBSEAM-4452?page=com.atlassian.jira.pl...
]
Marco Brizi updated JBSEAM-4452:
--------------------------------
Description:
The current LdapIdentityStore offers good support for integrating an LDAP repository.
Unfortunately, at the moment, there is no configuration to access it via SSL.
The minimum support could be done by adding a new boolean attribute (e.g. ssl-enabled)
in the ldap-identity-store element to offer the possibility of choosing whether or not to
use secure communication.
I've tried to implement this extension by changing security-2.2.xsd and the
LdapIdentityStore class.
In the second file my work has been on the new attribute's getter/setter and on the
initialiseContext(String principal, String credentials) method, just adding the following
lines:
    String ldapProtocol = "ldap";
    if (isSslEnabled()) {
        ldapProtocol = "ldaps";
        env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
    }
    String providerUrl = String.format("%s://%s:%d", ldapProtocol,
            getServerAddress(), getServerPort());
In addition, getting the server certificate and setting
-Djavax.net.ssl.trustStore=/path/to/keystore in JAVA_OPTS is needed.
At the moment I'm able to initiate the communication with the secure LDAP server, but
Identity.authenticate causes a "javax.security.auth.login.LoginException: Login
Failure: all modules ignored"
The complete stacktrace is attached to the issue.
was:
The current LdapIdentityStore offers good support for integrating an LDAP repository.
Unfortunately, at the moment, there is no configuration to access it via SSL.
The minimum support could be done by adding a new boolean attribute (e.g. ssl-enabled)
in the ldap-identity-store element to offer the possibility of choosing whether or not to
use secure communication.
I've tried to implement this extension by changing security-2.2.xsd and the
LdapIdentityStore class.
In the second file my work has been on the new attribute's getter/setter and on the
initialiseContext(String principal, String credentials) method, just adding the following
lines:
    String ldapProtocol = "ldap";
    if (isSslEnabled()) {
        ldapProtocol = "ldaps";
        env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
    }
    String providerUrl = String.format("%s://%s:%d", ldapProtocol,
            getServerAddress(), getServerPort());
In addition, getting the server certificate and setting
-D/usr/lib/jvm/java-6-sun=/path/to/keystore in JAVA_OPTS is needed.
At the moment I'm able to initiate the communication with the secure LDAP server, but
Identity.authenticate causes a "javax.security.auth.login.LoginException: Login
Failure: all modules ignored"
The complete stacktrace is attached to the issue.
Enable LdapIdentityStore to access LDAP via SSL
-----------------------------------------------
Key: JBSEAM-4452
URL: https://jira.jboss.org/jira/browse/JBSEAM-4452
Project: Seam
Issue Type: Feature Request
Affects Versions: 2.2.0.GA
Environment: Ubuntu 9.04, JBoss AS 5.1.0 GA
Reporter: Marco Brizi
Attachments: stacktrace.log
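The JNDI setup the description outlines, as an added example that is not part of the issue or of Seam's LdapIdentityStore code: it builds the environment with the proposed SSL switch and checks that the trust store named by -Djavax.net.ssl.trustStore loads and holds certificate entries before connecting. The class and method names, host, bind DN and password are constructed, and treating an unset trust store property as an error is this example's assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;

public class LdapsContextExample {
    // Builds the JNDI environment; sslEnabled stands in for the proposed ssl-enabled attribute.
    static Properties buildEnv(String host, int port, boolean sslEnabled,
                               String principal, String credentials) {
        Properties env = new Properties();
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
        env.setProperty(Context.SECURITY_PRINCIPAL, principal);
        env.setProperty(Context.SECURITY_CREDENTIALS, credentials);
        String ldapProtocol = "ldap";
        if (sslEnabled) {
            ldapProtocol = "ldaps";
            env.setProperty(Context.SECURITY_PROTOCOL, "ssl");
        }
        env.setProperty(Context.PROVIDER_URL, String.format("%s://%s:%d", ldapProtocol, host, port));
        return env;
    }
    // Loads the trust store set via -Djavax.net.ssl.trustStore and counts its certificate entries.
    static int countTrustedCerts() throws Exception {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) throw new IllegalStateException("javax.net.ssl.trustStore is not set");
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw == null ? null : pw.toCharArray()); // null password skips the integrity check
        }
        int trusted = 0;
        for (String a : Collections.list(ks.aliases())) if (ks.isCertificateEntry(a)) trusted++;
        return trusted;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values; replace with the real directory host and bind DN.
        Properties env = buildEnv("ldap.example.test", 636, true,
                "uid=demo,ou=people,dc=example,dc=test", "changeit");
        System.out.println("provider URL: " + env.getProperty(Context.PROVIDER_URL));
        if (args.length > 0 && "connect".equals(args[0])) {
            System.out.println("trusted certs: " + countTrustedCerts());
            new InitialDirContext(env).close(); // TLS handshake and bind happen in the constructor
        }
    }
}
```

Run without arguments it only prints the provider URL; with `connect` as the first argument it inspects the trust store and then opens and closes the LDAPS connection.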