[jboss-user] [Security & JAAS/JBoss] - mapping principals with digital certificates

oconesa do-not-reply at jboss.com
Mon Oct 1 04:18:05 EDT 2007


We have configured JAAS to authenticate users using digital certificates and roles stored in a database. It works fine, but we have a problem with the "Principal".

By default, when you use a digital certificate in JAAS, the Principal is the "DN:Distinguished Name" of the user certificate. But we want to map this Principal to a simpler one like "user1", because the DN is a long text.

In the login-config.xml we use:

    <application-policy name = "app1">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseCertLoginModule"
             flag = "required">
             <module-option name = "password-stacking">useFirstPass</module-option>
             <module-option name = "securityDomain">java:/jaas/jmx-console</module-option>
             <!-- AnyCertVerifier accepts every certificate it is asked to verify -->
             <module-option name = "verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
             <module-option name = "dsJndiName">java:/MySqlDS</module-option>
             <!-- the ? parameter is bound to the authenticated principal's name -->
             <module-option name = "rolesQuery">SELECT Role, 'Roles' FROM Roles WHERE ID=?</module-option>
          </login-module>
       </authentication>
    </application-policy>


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4090110#4090110
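
An added example, not part of the original post and not JBoss code: one way to derive a short name such as "user1" from a certificate subject DN using only JDK classes, parsing the DN rather than splitting the string. The class name `SubjectCnMapper`, the allowed-character policy and the sample DNs are assumptions; wiring the result into the login module is not shown.

```java
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
/** Hypothetical helper, not a JBoss class: derives a short login name from a subject DN. */
public class SubjectCnMapper {
    // Assumed policy: short names are limited to characters safe for logs and lookups.
    private static final Pattern SHORT_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /** Returns the single CN value of the subject, or throws if it is missing or ambiguous. */
    static String shortName(X500Principal subject) {
        LdapName dn;
        try {
            // Parse the RFC 2253 form instead of splitting on ',' so an escaped
            // comma inside a value is never mistaken for an RDN separator.
            dn = new LdapName(subject.getName(X500Principal.RFC2253));
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("unparseable subject DN", e);
        }
        String cn = null;
        for (Rdn rdn : dn.getRdns()) {
            if (rdn.size() > 1)   // multi-valued RDN such as CN=a+CN=b: refuse to pick one
                throw new IllegalArgumentException("multi-valued RDN rejected: " + rdn);
            if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
            if (cn != null || !(rdn.getValue() instanceof String))
                throw new IllegalArgumentException("ambiguous or non-text CN in: " + dn);
            cn = (String) rdn.getValue();
        }
        if (cn == null || !SHORT_NAME.matcher(cn).matches())
            throw new IllegalArgumentException("no usable CN in: " + dn);
        return cn;
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from the post.
        String[] samples = {
            "CN=user1,OU=Staff,O=Example,C=ES",
            "CN=user1\\,OU\\=Admins,O=Example,C=ES",  // escaped comma stays inside the CN value
            "CN=user1+CN=admin,O=Example,C=ES",
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + shortName(new X500Principal(s)));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

A CN is only unique within the set of issuers the security domain trusts, so the short name is a safe identity only when certificate verification restricts who can issue it.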
