OrangeScape Developer Community

A community for Application Developers on OrangeScape's Platform-as-a-Service

LDAP Authentication for OrangeScape applications.

LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other applications use to look up information from a server.

Configuring LDAP authentication for an OrangeScape application deployed in JBoss is straightforward: set AUTHENTICATION=LDAP_AUTH in the appconfig.py file located at “#####.war\wsgiapp\appconfig.py”.

Please apply the attached patch files (right-click and save) inside the application war file at the paths listed below:

####.war\wsgiapp\orangescape\templates\login.html

####.war\logout.jsp

####.war\WEB-INF\web.xml

There are two cases in which LDAP authentication can be configured:

a. The user login id and the Relative Distinguished Name are the same (LdapLoginModule).

b. The user login id and the Relative Distinguished Name are different (LdapExtLoginModule).

LdapLoginModule:

LdapLoginModule builds the user's DN directly from the login id (principalDNPrefix + login id + principalDNSuffix) and requires the configuration below in the login-config.xml file under “jboss-xxx\server\default\conf\”:

    <application-policy name="orangescape-sso">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://ldapserver/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=xxx,dc=xx,dc=xxx</module-option>
                <module-option name="rolesCtxDN">ou=xxx,dc=xxxx,dc=xxx</module-option>
                <module-option name="uidAttributeID">xxx</module-option>
                <module-option name="roleAttributeID">xxxxx</module-option>
                <module-option name="roleAttributeIsDN">xxxxx</module-option>
                <module-option name="roleNameAttributeID">xxxx</module-option>
                <module-option name="allowEmptyPasswords">false</module-option>
            </login-module>
        </authentication>
    </application-policy>

LDAP Ext Login Module:

LdapExtLoginModule first binds with the configured bindDN/bindCredential and then searches the LDAP server for the entry matching the login id (substituted for {0} in baseFilter), so the login id does not have to equal the RDN. The configuration in the login-config.xml file under “jboss-xxx\server\default\conf\” is as below:

    <application-policy name="orangescape-sso">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                <module-option name="debug">true</module-option>
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://0.0.0.0:0000</module-option>
                <module-option name="bindDN">CN=xxx,OU=xxx,DC=xxx,DC=xxx</module-option>
                <module-option name="bindCredential">xxxxx</module-option>
                <module-option name="baseCtxDN">DC=xxx,DC=xxx</module-option>
                <module-option name="baseFilter">(sAMAccountName={0})</module-option>
                <module-option name="roleFilter">xxxx</module-option>
                <module-option name="roleAttributeID">xxx</module-option>
                <module-option name="allowEmptyPasswords">false</module-option>
            </login-module>
        </authentication>
    </application-policy>

To know more about the configuration settings, please refer to this link.
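The following added example (not OrangeScape or JBoss code) models how the two module flavours above turn a login id into an LDAP target: LdapLoginModule concatenates principalDNPrefix + login id + principalDNSuffix, while LdapExtLoginModule substitutes the login id for {0} in baseFilter. It adds the RFC 4514 (DN) and RFC 4515 (filter) escaping a defender wants applied to user-supplied ids, and shows why allowEmptyPasswords=false matters: an LDAP simple bind with an empty password is an unauthenticated bind, not a failed one. The prefix, suffix and filter defaults are constructed sample values.

```python
# Added example: models DN / filter construction of the two JBoss LDAP login
# modules on this page with proper escaping. Sample DN components are constructed.

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    mapping = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(mapping.get(ch, ch) for ch in value)


def ldap_login_module_dn(login: str,
                         prefix: str = "uid=",
                         suffix: str = ",ou=users,dc=example,dc=com") -> str:
    """LdapLoginModule style: the login id IS the RDN value, so it is placed
    directly between principalDNPrefix and principalDNSuffix (constructed values)."""
    return prefix + escape_dn_value(login) + suffix


def ldap_ext_search_filter(login: str,
                           base_filter: str = "(sAMAccountName={0})") -> str:
    """LdapExtLoginModule style: the login id replaces {0} in baseFilter and the
    resulting filter is searched under baseCtxDN after the bindDN bind."""
    return base_filter.replace("{0}", escape_filter_value(login))


def bind_allowed(password: str, allow_empty_passwords: bool = False) -> bool:
    """Mirror allowEmptyPasswords: a simple bind with an empty password is an
    unauthenticated bind (RFC 4513 section 5.1.2), so it must be refused
    before any bind is attempted unless the option is explicitly enabled."""
    if password == "" and not allow_empty_passwords:
        return False
    return True


if __name__ == "__main__":
    print(ldap_login_module_dn("jdoe"))
    print(ldap_ext_search_filter("jdoe"))
    print(bind_allowed(""))
```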

Single Sign On:

In case you are deploying more than one OrangeScape application in JBoss and need to implement Single Sign On (an authentication process that lets a user enter a username and password only once when logging on to a server, yet have access to many applications: if a user has rights to use many different applications on a server, they only have to log in once and won't be prompted again for a username and password each time they switch to another program or application on that same server), follow the steps below:

  • Uncomment the following line

    <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>

in the $JBOSS_HOME/server/default/deploy/jbossweb.sar/server.xml file.

  • Replace the line below

    <security-domain>java:/jaas/JBossWS</security-domain>

in D:\JBoss\jboss-5.1.0.GA\server\default\deploy\Application.war\WEB-INF\jboss-web.xml with

    <security-domain>java:/jaas/orangescape-sso</security-domain>

To know more about the configuration settings of SSO, please refer to this link.


Comment by Kamal.S on March 27, 2014 at 3:03pm
Comment by Kamal.S on July 26, 2012 at 4:13pm

Thanks Vaithi for supporting...

Comment by Kamal.S on June 18, 2012 at 7:10pm

Hi,
The first time in your local Apache DS, while the server is up and running, log in as admin (uid=admin,ou=system) using the default password 'secret' and bind to ou=system (if you are using JXplorer: host localhost, port 10389) to connect to the server.

Comment by Vaithiyanathan on June 18, 2012 at 6:40pm

Hi Kamal,

Directory servers have their own default login configurations. Please specify the DS which you have used.

© 2017 Created by OrangeScape Technologies.