[jboss-jira] [JBoss JIRA] (AS7-5180) jaas tag for management interface does not work in domain mode

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Thu Aug 2 09:09:04 EDT 2012 

    [ https://issues.jboss.org/browse/AS7-5180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709428#comment-12709428 ] 

Darran Lofthouse commented on AS7-5180:
---------------------------------------

Yes this is not possible as as the security domain defined in the domain.xml is not available within the host controller process.
                
> jaas tag for management interface does not work in domain mode
> --------------------------------------------------------------
>
>                 Key: AS7-5180
>                 URL: https://issues.jboss.org/browse/AS7-5180
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Console, Security
>    Affects Versions: 7.1.2.Final (EAP)
>            Reporter: Hisanobu Okuda
>            Assignee: Darran Lofthouse
>              Labels: eap6
>             Fix For: 7.2.0.Alpha1
>
>
> I configured <jaas> for management interface in host.xml of domain mode as follow:-
> {code:xml}
>   <security-realm name="ldap_security_realm">
>     <authentication>
>       <jaas name="managementLDAPDomain"/>
>     </authentication>
>       </security-realm>
>     </security-realms>
>     <management-interfaces>
>       <native-interface security-realm="ManagementRealm">
>     <socket interface="management" port="${jboss.management.native.port:9999}"/>
>       </native-interface>
>       <http-interface security-realm="ManagementRealm">
>     <socket interface="management" port="${jboss.management.http.port:9990}"/>
>       </http-interface>
>     </management-interfaces>
>   </management>
> {code}
> And added security-domain in domain.xml as follow:-
> {code:xml}
>         <subsystem xmlns="urn:jboss:domain:security:1.1">
>             <security-domains>
>           <security-domain name="managementLDAPDomain">
>         <authentication>
>           <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
>             <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
>             <module-option name="java.naming.provider.url" value="ldap://dhcp-107.winlab.fab.redhat.com:389"/>
>             <module-option name="java.naming.security.authentication" value="simple"/>
>             <module-option name="bindDN" value="cn=Administrator,cn=users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com"/>
>             ...
> {code}
> But, an authentication failed and I got a message "The web console could not be loaded. Authentication required." in the console. It seems that host.xml need to have security-domain section similar to standalone.xml. "-jaas" of  JVM option does not work as well.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list