1

在我们网站的登录页面上,我们要求输入用户名和密码,然后通过 SSL 将它们传递到服务器。然后,我们将这些凭据传递给我们的 Active Directory 服务器,使用我们的服务帐户凭据以未加密的方式登录到服务器。我尝试了数十种不同的配置(这似乎是一个常见问题),但无法通过身份验证。

这是我的standalone.xml 中的安全子系统

<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domains>
         <security-domain name="other" cache-type="default">
             <authentication>
               <login-module code="Remoting" flag="optional">
                  <module-option name="password-stacking" value="useFirstPass"/>
               </login-module>
               <login-module code="RealmDirect" flag="required">
                  <module-option name="password-stacking" value="useFirstPass"/>
               </login-module>
             </authentication>
         </security-domain>
         <security-domain name="JAXUser" cache-type="default">
             <authentication>
               <login-module code="Remoting" flag="optional">
                 <module-option name="password-stacking" value="useFirstPass"/>
               </login-module>
               <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                 <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                 <module-option name="java.naming.provider.url" value="ldap://ldap-server.jax.org:389"/>
                 <module-option name="java.naming.security.authentication" value="simple"/>
                 <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                 <module-option name="bindDN" value="cn=svc-SampleTracker"/>
                 <module-option name="bindCredential" value="myPassword"/>
                 <module-option name="baseCtxDN" value="dc=jax,dc=org"/>
                 <module-option name="baseFilter" value="(sAMAccountName={0})"/>
                 <module-option name="allowEmptyPasswords" value="false"/>
                 <module-option name="throwValidateError" value="true"/>
                 <module-option name="roleRecursion" value="1"/>
                 <!-- Not using roles at this point -->
               </login-module>
             </authentication>
        </security-domain>
        <security-domain name="jboss-web-policy" cache-type="default">
        <authorization>
            <policy-module code="Delegating" flag="required"/>
        </authorization>
        </security-domain>
        <security-domain name="jboss-ejb-policy" cache-type="default">
            <authorization>
               <policy-module code="Delegating" flag="required"/>
            </authorization>
        </security-domain>
    </security-domains>
</subsystem>

这是我的 ApplicationRealm 的 XML:

<security-realm name="ApplicationRealm">
     <server-identities>
       <ssl>
         <keystore path="server.keystore" 
          relative-to="jboss.server.config.dir" 
          keystore-password="blahblahblah" alias="server"
          key-password="blahblahblah" />
      </ssl>
      </server-identities>
         <authentication>
            <truststore path="server.truststore" 
              relative-to="jboss.server.config.dir" 
              keystore-password="blahblah" />
          <!-- this is the user that made the request to the server -->
          <ldap connection="LdapConnection" 
                       base-dn="dc=jax, dc=org" recursive="true">
                    <username-filter attribute="sAMAccountName" />
           </ldap>
        </authentication>
</security-realm>

任何建议将不胜感激和尝试。

4

0 回答 0