[jboss-jira] [JBoss JIRA] (AS7-5180) jaas tag for management interface does not work in domain mode
Hisanobu Okuda (JIRA)
jira-events at lists.jboss.org
Tue Jul 17 01:42:06 EDT 2012
[ https://issues.jboss.org/browse/AS7-5180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hisanobu Okuda updated AS7-5180:
--------------------------------
Description:
I configured <jaas> for management interface in host.xml of domain mode as follow:-
{code:xml}
<security-realm name="ldap_security_realm">
<authentication>
<jaas name="managementLDAPDomain"/>
</authentication>
</security-realm>
</security-realms>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
{code}
And added security-domain in domain.xml as follow:-
{code:xml}
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="managementLDAPDomain">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://dhcp-107.winlab.fab.redhat.com:389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value="cn=Administrator,cn=users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com"/>
...
{code}
But, an authentication failed and I got a message "The web console could not be loaded. Authentication required." in the console. It seems that host.xml need to have security-domain section similar to standalone.xml. "-jaas" of JVM option does not work as well.
was:
I configured <jaas> for management interface in host.xml of domain mode as follow:-
{code:xml}
<security-realm name="ldap_security_realm">
<authentication>
<jaas name="managementLDAPDomain"/>
</authentication>
</security-realm>
</security-realms>
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.native.port:9999}"/>
</native-interface>
<http-interface security-realm="ManagementRealm">
<socket interface="management" port="${jboss.management.http.port:9990}"/>
</http-interface>
</management-interfaces>
</management>
...
(skip)
...
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="managementLDAPDomain">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://dhcp-107.winlab.fab.redhat.com:389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value="cn=Administrator,cn=users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com"/>
...
{code}
But, an authentication failed and I got a message "The web console could not be loaded. Authentication required." in the console. It seems that host.xml need to have security-domain section similar to standalone.xml. "-jaas" of JVM option does not work as well.
Forum Reference: https://community.jboss.org/message/747913 (was: https://community.jboss.org/message/747913)
> jaas tag for management interface does not work in domain mode
> --------------------------------------------------------------
>
> Key: AS7-5180
> URL: https://issues.jboss.org/browse/AS7-5180
> Project: Application Server 7
> Issue Type: Bug
> Components: Console, Security
> Affects Versions: 7.1.2.Final (EAP)
> Reporter: Hisanobu Okuda
> Assignee: Heiko Braun
> Labels: eap6
>
> I configured <jaas> for management interface in host.xml of domain mode as follow:-
> {code:xml}
> <security-realm name="ldap_security_realm">
> <authentication>
> <jaas name="managementLDAPDomain"/>
> </authentication>
> </security-realm>
> </security-realms>
> <management-interfaces>
> <native-interface security-realm="ManagementRealm">
> <socket interface="management" port="${jboss.management.native.port:9999}"/>
> </native-interface>
> <http-interface security-realm="ManagementRealm">
> <socket interface="management" port="${jboss.management.http.port:9990}"/>
> </http-interface>
> </management-interfaces>
> </management>
> {code}
> And added security-domain in domain.xml as follow:-
> {code:xml}
> <subsystem xmlns="urn:jboss:domain:security:1.1">
> <security-domains>
> <security-domain name="managementLDAPDomain">
> <authentication>
> <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
> <module-option name="java.naming.provider.url" value="ldap://dhcp-107.winlab.fab.redhat.com:389"/>
> <module-option name="java.naming.security.authentication" value="simple"/>
> <module-option name="bindDN" value="cn=Administrator,cn=users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com"/>
> ...
> {code}
> But, an authentication failed and I got a message "The web console could not be loaded. Authentication required." in the console. It seems that host.xml need to have security-domain section similar to standalone.xml. "-jaas" of JVM option does not work as well.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list