I am new to the authentication and security area and I am trying to extend the authentication mechanism of my application, which currently provides traditional username/password authentication, so that users can authenticate via an LDAP server.
In the current implementation, the application uses the j_security_check thread from the Server API to authenticate the user. The standalone.xml file of JBoss has a login module pointing to a myLoginModuleClass class which extends jboss.security.auth.spi.UsernamePasswordLoginModule.
<security-domain name="db-domain">
    <authentication>
        <login-module code="myLoginModuleClass" flag="required" module="packageForClass">
            <module-option name="hashAlgorithm" value="SHA-256" />
            <module-option name="hashEncoding" value="base64" />
            <module-option name="password-stacking" value="useFirstPass" />
        </login-module>
    </authentication>
</security-domain>
I have added another login module, the LDAP login module, in a separate security domain.
<security-domain name="ldap-domain">
    <authentication>
        <login-module code="LDAPLoginModule" flag="required" module="LDAPModulePackage">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
            <module-option name="java.naming.security.authentication" value="simple" />
            <module-option name="bindCredential" value="secret" />
            <module-option name="password-stacking" value="useFirstPass" />
        </login-module>
    </authentication>
</security-domain>
The issue I am currently facing is the following: the jboss-web.xml and the project's web.xml both point to the existing security domain, db-domain, and I can only specify one security domain there. Question: how can I programmatically tell JBoss to use a particular login class based on the user's selection, meaning that if the user chooses LDAP authentication, the LDAPLoginModule class is called? Or is there any other, better way to have mixed-mode authentication?
Thanks in advance
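One way to get mixed-mode authentication without switching security domains at runtime is JAAS login-module stacking: a single security domain lists both modules with flag="sufficient", so the container tries the database module first and falls through to LDAP only when that one fails. The configuration below is an added illustration, not part of the original question or of any JBoss documentation; the module names and options are taken from the question, while the java.naming.provider.url value and the bind credential are assumed placeholders.

```xml
<!-- Added example: one security domain that stacks both login modules.
     JAAS flag semantics: a "sufficient" module that succeeds ends the chain
     immediately (no earlier required/requisite module having failed); a
     "sufficient" module that fails simply hands over to the next module.
     Module names and packages are the ones from the question. -->
<security-domain name="mixed-domain">
    <authentication>
        <!-- 1. Try the existing database-backed module first. -->
        <login-module code="myLoginModuleClass" flag="sufficient" module="packageForClass">
            <module-option name="hashAlgorithm" value="SHA-256" />
            <module-option name="hashEncoding" value="base64" />
            <!-- useFirstPass: reuse credentials already placed in the JAAS shared
                 state by an earlier successful module; otherwise the module asks
                 the callback handler, which supplies the same form credentials. -->
            <module-option name="password-stacking" value="useFirstPass" />
        </login-module>
        <!-- 2. Reached only when the database module did not succeed. -->
        <login-module code="LDAPLoginModule" flag="sufficient" module="LDAPModulePackage">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
            <!-- Assumed placeholder host; ldaps:// keeps the simple bind off the wire in clear text. -->
            <module-option name="java.naming.provider.url" value="ldaps://LDAP_HOST_PLACEHOLDER:636" />
            <module-option name="java.naming.security.authentication" value="simple" />
            <!-- Assumed placeholder; the real bind password belongs in a vault, not in standalone.xml. -->
            <module-option name="bindCredential" value="BIND_PASSWORD_PLACEHOLDER" />
            <module-option name="password-stacking" value="useFirstPass" />
        </login-module>
    </authentication>
</security-domain>

<!-- jboss-web.xml then needs to reference only this one domain:
     <jboss-web>
         <security-domain>mixed-domain</security-domain>
     </jboss-web>
     Because the database module comes first and is "sufficient", a user that
     exists in both stores is always authenticated against the database. -->
```

If you instead want the user's choice on the login form to decide the store, that needs a custom login module (or a custom callback handler) that reads the selection and delegates; the stacking above needs no code changes.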
j_security_check, likewise, how do you trigger the LDAP login? – Parag Kadam