Greetings,

I am trying to do the same thing: install Federated SSO and test it.
I am using 
Jboss-4.2.2.GA on Windows XP
OpenDS-1.2.0 on FreeBSD
I have set up the OpenDS for the testuser login.
Previously, I got the error that testuser is not activated. So, I took out the 
source from the trunk mentioned above, updated the trunk and built the sso sar 
and ear files.

The security-config.xml inside the jboss-sso-test.ear\META-INF looks like this


  | <!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
  | security domain used by the security-spec test case
  | -->
  | <policy>
  |     <application-policy name="jboss-sso">
  |        <authentication>
  |          <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |             <module-option name="unauthenticatedIdentity">guest</module-option>
  |             <module-option name="password-stacking">useFirstPass</module-option>
  |             <!--module-option name="hashAlgorithm">MD5</module-option>
  |             <module-option name="hashEncoding">HEX</module-option-->
  |             <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  |          </login-module>
  |          <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |             <module-option name="unauthenticatedIdentity">guest</module-option>
  |             <module-option name="password-stacking">useFirstPass</module-option>
  |             <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  |          </login-module>
  |       </authentication>
  |     </application-policy>
  | </policy>


The sso.cfg.xml file under jboss-sso.sar looks like this

  |             <login>
  |                     <provider id="si:jboss-sso:ldap:login" class="org.jboss.security.idm.ldap.HashAlgorithmRemoverLDAPIdentityProvider">
  |                             <property name="connectionURL">
  |                                     jdbc:ldap://10.10.60.4:389/dc=jboss,dc=com?SEARCH_SCOPE:=subTreeScope&secure:=false&concat_atts:=true&size_limit:=10000000
  |                             </property>
  |                             <property name="username">uid=admin,dc=jboss,dc=com</property>
  |                             <property name="password">jbossrocks</property>
  |                             <property name="identityOu">People</property>
  |                             <property name="roleOu">roles</property>
  |                     </provider>
  |             </login>

and this is how it looks in ldapsearch


  | /usr/local/OpenDS-1.2.0/bin/ldapsearch -s sub -b cn=testuser,ou=People,dc=jboss,dc=com "(objectclass=*)"
  | dn: cn=testuser,ou=People,dc=jboss,dc=com
  | objectClass: person
  | objectClass: inetOrgPerson
  | objectClass: organizationalPerson
  | objectClass: top
  | mail: [EMAIL PROTECTED]
  | uid: test
  | cn: testuser
  | displayName: Test User
  | sn: true


When I try to use testuser and secret as login and password, I get login failed 
on the jsp. I am not getting any errors on the jboss server log.
On the OpenDS log, I see the following message. 


  | [29/Jun/2009:11:19:54 -0700] CONNECT conn=176 from=10.10.1.145:3241 to=10.10.60.4:389 protocol=LDAP
  | [29/Jun/2009:11:19:54 -0700] BIND REQ conn=176 op=0 msgID=19 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
  | [29/Jun/2009:11:19:54 -0700] BIND RES conn=176 op=0 msgID=19 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
  | [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=176 op=1 msgID=20 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn"
  | [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=176 op=1 msgID=20 result=0 nentries=1 etime=2
  | [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=176 op=2 msgID=21
  | [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=176 reason="Client Unbind"
  | [29/Jun/2009:11:19:54 -0700] CONNECT conn=177 from=10.10.1.145:3242 to=10.10.60.4:389 protocol=LDAP
  | [29/Jun/2009:11:19:54 -0700] BIND REQ conn=177 op=0 msgID=22 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
  | [29/Jun/2009:11:19:54 -0700] BIND RES conn=177 op=0 msgID=22 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
  | [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=177 op=1 msgID=23 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,givenName,displayName,o,employeeType,title,postalAddress,mail,telephoneNumber"
  | [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=177 op=1 msgID=23 result=0 nentries=1 etime=1
  | [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=177 op=2 msgID=24
  | [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=177 reason="Client Unbind"
  | [29/Jun/2009:11:19:54 -0700] CONNECT conn=178 from=10.10.1.145:3243 to=10.10.60.4:389 protocol=LDAP
  | [29/Jun/2009:11:19:54 -0700] BIND REQ conn=178 op=0 msgID=25 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
  | [29/Jun/2009:11:19:54 -0700] BIND RES conn=178 op=0 msgID=25 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
  | [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=178 op=1 msgID=26 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn"
  | [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=178 op=1 msgID=26 result=0 nentries=1 etime=1
  | [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=178 op=2 msgID=27
  | [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=178 reason="Client Unbind"
  | [29/Jun/2009:11:19:54 -0700] CONNECT conn=179 from=10.10.1.145:3244 to=10.10.60.4:389 protocol=LDAP
  | [29/Jun/2009:11:19:54 -0700] BIND REQ conn=179 op=0 msgID=28 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
  | [29/Jun/2009:11:19:54 -0700] BIND RES conn=179 op=0 msgID=28 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
  | [29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=179 op=1 msgID=29 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,givenName,displayName,o,employeeType,title,postalAddress,mail,telephoneNumber"
  | [29/Jun/2009:11:19:54 -0700] SEARCH RES conn=179 op=1 msgID=29 result=0 nentries=1 etime=1
  | [29/Jun/2009:11:19:54 -0700] UNBIND REQ conn=179 op=2 msgID=30
  | [29/Jun/2009:11:19:54 -0700] DISCONNECT conn=179 reason="Client Unbind"

Am I making some mistake here? I am stuck with this. I am not able to proceed 
further. Any pointers or help on this would be really great.

Thanks,
Ganesh.


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4240839#4240839
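
The OpenDS access log in the post records only binds as uid=admin, followed by searches on the user's entry that request userPassword. As an added example (not part of the original post or the JBoss SSO code), this Python script classifies an access log by whether a user's password was checked with a bind as that user or read through a service account; the sample lines, the BIND_LOG contrast case and the function names are constructed for illustration.

```python
import re

# Constructed samples in the OpenDS access-log layout shown in the post.
# READ_LOG mirrors the post's pattern; BIND_LOG is a constructed contrast case.
READ_LOG = '''\
[29/Jun/2009:11:19:54 -0700] BIND REQ conn=177 op=0 msgID=22 type=SIMPLE dn="uid=admin,dc=jboss,dc=com"
[29/Jun/2009:11:19:54 -0700] BIND RES conn=177 op=0 msgID=22 result=0 authDN="uid=admin,dc=jboss,dc=com" etime=1
[29/Jun/2009:11:19:54 -0700] SEARCH REQ conn=177 op=1 msgID=23 base="cn=testuser,ou=People,dc=jboss,dc=com" scope=wholeSubtree filter="(objectClass=*)" attrs="cn,sn,userPassword,mail"
[29/Jun/2009:11:19:54 -0700] SEARCH RES conn=177 op=1 msgID=23 result=0 nentries=1 etime=1
'''
BIND_LOG = '''\
[29/Jun/2009:11:20:10 -0700] BIND REQ conn=201 op=0 msgID=1 type=SIMPLE dn="cn=testuser,ou=People,dc=jboss,dc=com"
[29/Jun/2009:11:20:10 -0700] BIND RES conn=201 op=0 msgID=1 result=49 etime=1
'''

LINE = re.compile(r'^\[[^\]]+\]\s+([A-Z]+(?: REQ| RES)?)\s+(.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(log_text):
    """Yield (operation, fields) for every well-formed access-log line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group(1), {k: q or b for k, q, b in FIELD.findall(m.group(2))}

def audit(log_text, user_dn, secret_attrs=("userpassword",)):
    """Report how the directory was asked about user_dn's credentials."""
    user_dn = user_dn.lower()
    bind_dn = {}        # (conn, op) -> DN named in the BIND REQ
    bound_as = {}       # conn -> DN of the last successful bind
    user_bind_results, secret_reads = [], []
    for op, f in parse(log_text):
        key = (f.get("conn"), f.get("op"))
        if op == "BIND REQ":
            bind_dn[key] = f.get("dn", "")
        elif op == "BIND RES":
            dn = bind_dn.get(key, "")
            if f.get("result") == "0":
                bound_as[f.get("conn")] = dn
            if dn.lower() == user_dn:
                user_bind_results.append(int(f.get("result", -1)))
        elif op == "SEARCH REQ" and f.get("base", "").lower() == user_dn:
            wanted = [a for a in f.get("attrs", "").split(",") if a.lower() in secret_attrs]
            if wanted:
                secret_reads.append((f.get("conn"), bound_as.get(f.get("conn"), ""), wanted))
    mode = "bind-as-user" if user_bind_results else "service-account-read" if secret_reads else "unknown"
    return {"mode": mode, "user_bind_results": user_bind_results, "secret_reads": secret_reads}
```

In "service-account-read" mode the directory never sees a failed bind for the user, so a rejected login leaves no non-zero result code in the access log; result 49 in the contrast case is LDAP invalidCredentials.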
