We use JBossWeb Valves/Authenticators in AS7/JBossWeb.
Undertow currently just handles the standard mechanisms
(gss,form,basic,client-cert,digest) via the LoginConfig construct.
I am wondering if it is possible to update the builder API to change to
overriden implementations of the mechanisms for example: FORM. In my
case, the SAMLAuthenticationMechanism would be a subclass of
I think Bill Burke has a similar use case where he would like to inject
an OAuth driven Auth Mechanism.
I guess as a start the builder api should be updated. Not sure how it
On 04/24/2013 04:04 PM, Stuart Douglas wrote:
If you are configuring Undertow programmatically you need to add a
io.undertow.security.handlers.AuthenticationMechanismsHandler to the
handler chain that has your authentication mechanism.
Unfortunately we don't have a way of hooking this up into the Wildfly
config yet, although it will not be a very big job. Regarding config
options for AS7 there are a few possibilities:
1) Allow the user to specify the class name and module in JBoss Web to
configure per app, and same in standalone.xml for global authenticators.
2) Introduce a servlet loader based mechanism to allow mechanisms to be
loaded and associated with a simple name. This name could then be
specified in the web.xml login config. In the subsystem you could list
all the modules that you want to load authentication mechanisms from.
This has the advantage that internal class names do not leak out into
3) Some other way??
I am leaning towards option 2. I think it should be possible to get this
integrated into the next Undertow release early next week.
Anil Saldhana wrote:
> I am trying to figure out how to set up the authentication mechanisms
> in undertow. If I write an authentication mechanism involving saml, how
> do I make the web apps using that mechanism.
> Any links to test cases.