[jboss-user] [Security & JAAS/JBoss] - Re: Single Sign On with LDAP Examples
rathinaganesh
do-not-reply at jboss.com
Mon Jun 29 14:34:35 EDT 2009
Greetings,
I am trying to do the same thing: install Federated SSO and test it.
I am using
Jboss-4.2.2.GA on Windows XP
OpenDS-1.2.0 on FreeBSD
I have set up the OpenDS for the testuser login.
Previously, I got the error that testuser is not activated. So I took the source from the trunk mentioned above, updated the trunk and built the sso sar and ear files.
The security-config.xml inside jboss-sso-test.ear\META-INF looks like this:
|
| <!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
| security domain used by the security-spec test case
| -->
| <policy>
| <application-policy name="jboss-sso">
| <authentication>
| <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| <!--module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="hashEncoding">HEX</module-option-->
| <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
| </login-module>
| <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
| </login-module>
| </authentication>
| </application-policy>
| </policy>
|
|
The sso.cfg.xml file under jboss-sso.sar looks like this:
|
| <login>
| <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.HashAlgorithmRemoverLDAPIdentityProvider">
| <property name="connectionURL">
| jdbc:ldap://10.10.60.4:389/dc=jboss,dc=com?SEARCH_SCOPE:=subTreeScope&secure:=false&concat_atts:=true&size_limit:=10000000
| </property>
| <property name="username">uid=admin,dc=jboss,dc=com</property>
| <property name="password">jbossrocks</property>
| <property name="identityOu">People</property>
| <property name="roleOu">roles</property>
| </provider>
| </login>
|
|
and this is how it looks in ldapsearch:
| /usr/local/OpenDS-1.2.0/bin/ldapsearch -s sub -b cn=testuser,ou=People,dc=jboss,dc=com "(objectclass=*)"
| dn: cn=testuser,ou=People,dc=jboss,dc=com
| objectClass: person
| objectClass: inetOrgPerson
| objectClass: organizationalPerson
| objectClass: top
| mail: [EMAIL PROTECTED]
| uid: test
| cn: testuser
| displayName: Test User
| sn: true
|
When I try to use testuser and secret as the login and password, I get "login failed" on the JSP. I am not getting any errors in the JBoss server log.
In the OpenDS log, I see the following messages:
|
| [29/Jun/2009:11:19:54 -0700] CONNECT conn=176 from=10.10.1.145:3241 to=10.10.60.4:389 protocol=LDAP
| [29/Jun/2009:11:19:54 -0700] BIND REQ conn=176 op=0 msgID=19 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
| [29/Jun/2009:11:19:54 -0700] BIND RES conn=176 op=0 msgID=19 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
| [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=176 op=1 msgID=20 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn"
| [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=176 op=1 msgID=20 result=0 nentries=1 etime=2
| [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=176 op=2 msgID=21
| [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=176 reason="Client Unbind"
| [29/Jun/2009:11:19:54 -0700] CONNECT conn=177 from=10.10.1.145:3242 to=10.10.60.4:389 protocol=LDAP
| [29/Jun/2009:11:19:54 -0700] BIND REQ conn=177 op=0 msgID=22 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
| [29/Jun/2009:11:19:54 -0700] BIND RES conn=177 op=0 msgID=22 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
| [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=177 op=1 msgID=23 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,givenName,displayName,o,employeeType,title,postalAddress,mail,telephoneNumber"
| [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=177 op=1 msgID=23 result=0 nentries=1 etime=1
| [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=177 op=2 msgID=24
| [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=177 reason="Client Unbind"
| [29/Jun/2009:11:19:54 -0700] CONNECT conn=178 from=10.10.1.145:3243 to=10.10.60.4:389 protocol=LDAP
| [29/Jun/2009:11:19:54 -0700] BIND REQ conn=178 op=0 msgID=25 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
| [29/Jun/2009:11:19:54 -0700] BIND RES conn=178 op=0 msgID=25 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
| [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=178 op=1 msgID=26 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn"
| [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=178 op=1 msgID=26 result=0 nentries=1 etime=1
| [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=178 op=2 msgID=27
| [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=178 reason="Client Unbind"
| [29/Jun/2009:11:19:54 -0700] CONNECT conn=179 from=10.10.1.145:3244 to=10.10.60.4:389 protocol=LDAP
| [29/Jun/2009:11:19:54 -0700] BIND REQ conn=179 op=0 msgID=28 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
| [29/Jun/2009:11:19:54 -0700] BIND RES conn=179 op=0 msgID=28 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
| [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=179 op=1 msgID=29 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,givenName,displayName,o,employeeType,title,postalAddress,mail,telephoneNumber"
| [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=179 op=1 msgID=29 result=0 nentries=1 etime=1
| [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=179 op=2 msgID=30
| [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=179 reason="Client Unbind"
|
|
Am I making some mistake here? I am stuck on this and am not able to proceed further. Any pointers or help on this would be really great.
Thanks,
Ganesh.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4240839#4240839
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4240839
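A small parser for the OpenDS access-log format quoted in the post, added here as an illustration and not code from the original post or from the JBoss SSO project. It groups the log lines by connection and reports, per connection, which DN was bound, which searches were issued and whether `userPassword` was among the requested attributes; that last point matters for least privilege, because a provider that reads password hashes needs the service account in sso.cfg.xml to have read access to `userPassword`, whereas a provider that verifies the user's password by binding as the user does not. The sample lines are taken from the post's log (two of the four connections); the `findings()` summary and its field names are my own.

```python
"""Summarise OpenDS access-log lines per LDAP connection (added example)."""
import re
from collections import OrderedDict

# One access-log line: timestamp, operation keyword, conn=N, then key=value fields.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+'
    r'(?P<op>CONNECT|BIND REQ|BIND RES|SEARCH REQ|SEARCH RES|UNBIND REQ|DISCONNECT)'
    r'\s+conn=(?P<conn>\d+)(?P<rest>.*)$'
)
# key=value or key="quoted value" (quoted values may contain '=' and spaces).
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Attributes whose retrieval by a service account is worth flagging.
SENSITIVE_ATTRS = {"userpassword"}

# Sample lines copied from the post's OpenDS access log.
SAMPLE_LOG = """
[29/Jun/2009:11:19:54 -0700] CONNECT conn=176 from=10.10.1.145:3241 to=10.10.60.4:389 protocol=LDAP
[29/Jun/2009:11:19:54 -0700] BIND REQ conn=176 op=0 msgID=19 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
[29/Jun/2009:11:19:54 -0700] BIND RES conn=176 op=0 msgID=19 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
[29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=176 op=1 msgID=20 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn"
[29/Jun/2009:11:19:54 -0700] SEARCH RES conn=176 op=1 msgID=20 result=0 nentries=1 etime=2
[29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=176 op=2 msgID=21
[29/Jun/2009:11:19:54 -0700] DISCONNECT conn=176 reason="Client Unbind"
[29/Jun/2009:11:19:54 -0700] CONNECT conn=177 from=10.10.1.145:3242 to=10.10.60.4:389 protocol=LDAP
[29/Jun/2009:11:19:54 -0700] BIND REQ conn=177 op=0 msgID=22 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
[29/Jun/2009:11:19:54 -0700] BIND RES conn=177 op=0 msgID=22 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
[29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=177 op=1 msgID=23 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,givenName,displayName,o,employeeType,title,postalAddress,mail,telephoneNumber"
[29/Jun/2009:11:19:54 -0700] SEARCH RES conn=177 op=1 msgID=23 result=0 nentries=1 etime=1
[29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=177 op=2 msgID=24
[29/Jun/2009:11:19:54 -0700] DISCONNECT conn=177 reason="Client Unbind"
"""


def parse_fields(rest):
    """Turn the trailing 'key=value key="value"' text into a dict."""
    fields = {}
    for m in KV_RE.finditer(rest):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def summarize(lines):
    """Group log lines by conn id and record bind DN, searches and sensitive attrs."""
    conns = OrderedDict()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or a line type we do not track
        conn = conns.setdefault(m.group("conn"), {
            "client": None, "bind_dn": None, "bind_ok": None,
            "searches": [], "sensitive_attrs": set(), "clean_close": False,
        })
        f = parse_fields(m.group("rest"))
        op = m.group("op")
        if op == "CONNECT":
            conn["client"] = f.get("from")
        elif op == "BIND REQ":
            conn["bind_dn"] = f.get("dn")
        elif op == "BIND RES":
            conn["bind_ok"] = f.get("result") == "0"  # LDAP result 0 = success
        elif op == "SEARCH REQ":
            attrs = [a for a in f.get("attrs", "").split(",") if a]
            conn["searches"].append({"base": f.get("base"), "scope": f.get("scope"),
                                     "filter": f.get("filter"), "attrs": attrs})
            conn["sensitive_attrs"].update(a for a in attrs if a.lower() in SENSITIVE_ATTRS)
        elif op == "DISCONNECT":
            conn["clean_close"] = f.get("reason") == "Client Unbind"
    return conns


def findings(conns, service_dn):
    """Answer the questions a reviewer asks of this log (hypothetical field names)."""
    return {
        "connections": len(conns),
        "failed_binds": [c for c, v in conns.items() if v["bind_ok"] is False],
        # Connections where the service account fetched password material.
        "service_read_password": [c for c, v in conns.items()
                                  if v["bind_dn"] == service_dn and v["sensitive_attrs"]],
        # Any bind as a DN other than the service account (i.e. as an end user).
        "end_user_binds": [c for c, v in conns.items()
                           if v["bind_dn"] and v["bind_dn"] != service_dn],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for conn_id, info in summary.items():
        print(conn_id, info["bind_dn"], [s["attrs"] for s in info["searches"]], info["sensitive_attrs"])
    print(findings(summary, "uid=admin,dc=jboss,dc=com"))
```

Run against the post's log, `findings()` reports that every connection binds as the admin DN, that no connection binds as the end user, and that the second connection of each pair reads `userPassword`; that tells you exactly which permissions the service account must hold and is the first thing to compare against the OpenDS ACIs when a login fails silently on the application side.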