JBoss: LDAP authentication (login-config.xml) example

Over the past few weeks, I was responsible for setting up a new JBoss Application Server for a customer. One thing I had to do was to enable authentication via the customer's existing Active Directory for SSO (Single Sign-On).

When fiddling with authentication, one is always happy to find examples of existing installations. In this post, I give an example of how to configure LDAP authentication (in this case with Active Directory) in JBoss. While you can find extensive documentation on the JBoss website, I always like it if there is a specific example provided, so here it goes:

login-config.xml

<!-- This block goes inside <policy><application-policy name="..."> in login-config.xml -->
<authentication>
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <!-- JNDI settings: the LDAP context factory, the domain controller, and SASL DIGEST-MD5
         so the user's password is not sent in the clear over the plain ldap:// connection -->
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://sk-int-ad1.krenger.local:389/</module-option>
    <module-option name="java.naming.security.authentication">DIGEST-MD5</module-option>
    <!-- Where the user entries are searched; with matchOnUserDN=false the search filter is
         uidAttributeID=<login name> (sAMAccountName in Active Directory), not the user's DN -->
    <module-option name="rolesCtxDN">OU=users,OU=appserv,DC=krenger,DC=local</module-option>
    <module-option name="matchOnUserDN">false</module-option>
    <module-option name="uidAttributeID">sAMAccountName</module-option>
    <!-- Roles come from memberOf; each value is a group DN, and the role name is that
         group's "name" attribute -->
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleNameAttributeID">name</module-option>
    <!-- Principal assigned to callers that present no credentials; empty passwords are
         rejected because many LDAP servers, Active Directory included, treat an empty
         password as an anonymous bind -->
    <module-option name="unauthenticatedIdentity">unauthenticated</module-option>
    <module-option name="allowEmptyPasswords">false</module-option>
  </login-module>
</authentication>

So this is an example of JBoss LDAP authentication against Active Directory. The domain controller sk-int-ad1.krenger.local is the primary domain controller for the domain “krenger.local”, and the users live in the organizational unit (OU) “local.krenger.appserv.users”, i.e. the rolesCtxDN OU=users,OU=appserv,DC=krenger,DC=local in the configuration above. For more information about JBoss authentication, visit the JBoss website mentioned above or refer to the Microsoft TechNet documentation for Active Directory (which is quite good, by the way!).
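To see how the options above fit together before touching a real domain controller, here is an added Python example (not part of the original post and not JBoss code) that parses the <authentication> block, flags the settings a reviewer would question (plain ldap:// transport, empty-password handling, the unauthenticatedIdentity principal), and mimics how the module turns memberOf group DNs into role names via roleNameAttributeID. The host name and DNs are the ones from the post; the in-memory directory, the user "jdoe", the two groups and the LDAPS port 636 in the hardened variant are constructed assumptions for the example.

```python
"""Offline checks for the LdapLoginModule options from the post above (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# The post's <authentication> block, embedded as a constructed sample input
LOGIN_CONFIG = """<authentication>
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://sk-int-ad1.krenger.local:389/</module-option>
    <module-option name="java.naming.security.authentication">DIGEST-MD5</module-option>
    <module-option name="rolesCtxDN">OU=users,OU=appserv,DC=krenger,DC=local</module-option>
    <module-option name="matchOnUserDN">false</module-option>
    <module-option name="uidAttributeID">sAMAccountName</module-option>
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleNameAttributeID">name</module-option>
    <module-option name="unauthenticatedIdentity">unauthenticated</module-option>
    <module-option name="allowEmptyPasswords">false</module-option>
  </login-module>
</authentication>"""

# Constructed stand-in for the AD entries the module would read at login time
# (user "jdoe" and the two groups are assumptions, not from the post)
DIRECTORY = {
    "CN=jdoe,OU=users,OU=appserv,DC=krenger,DC=local": {
        "sAMAccountName": ["jdoe"],
        "memberOf": ["CN=appserv-admins,OU=groups,DC=krenger,DC=local",
                     "CN=appserv-users,OU=groups,DC=krenger,DC=local"],
    },
    "CN=appserv-admins,OU=groups,DC=krenger,DC=local": {"name": ["appserv-admins"]},
    "CN=appserv-users,OU=groups,DC=krenger,DC=local": {"name": ["appserv-users"]},
}


def parse_module_options(xml_text):
    """Return {option name: value} for every <module-option> in the block."""
    root = ET.fromstring(xml_text)
    return {mo.get("name"): (mo.text or "").strip()
            for mo in root.iter("module-option")}


def lint_options(opts):
    """Flag settings worth a second look. Returns a list of (code, message)."""
    findings = []
    url = urlparse(opts.get("java.naming.provider.url", ""))
    auth = opts.get("java.naming.security.authentication", "simple").lower()
    if url.scheme == "ldap" and auth == "simple":
        findings.append(("CLEARTEXT_BIND",
                         "simple bind over ldap:// sends the password in the clear"))
    if url.scheme == "ldap":
        findings.append(("UNENCRYPTED_TRANSPORT",
                         "ldap:// leaves search results and group membership readable on the wire; use ldaps://"))
    if opts.get("allowEmptyPasswords", "").lower() != "false":
        findings.append(("EMPTY_PASSWORD",
                         "allowEmptyPasswords is not false; an empty password can become an anonymous bind"))
    if "unauthenticatedIdentity" in opts:
        findings.append(("UNAUTHENTICATED_IDENTITY",
                         "callers without credentials get principal %r; ensure no role grants it access"
                         % opts["unauthenticatedIdentity"]))
    if opts.get("roleAttributeIsDN", "false").lower() == "true" and "roleNameAttributeID" not in opts:
        findings.append(("ROLE_NAME_MISSING",
                         "roleAttributeIsDN=true but no roleNameAttributeID to read from the group entry"))
    return findings


def hardened_options(opts):
    """Copy of opts with the post's two findings addressed (LDAPS on port 636 is assumed)."""
    fixed = dict(opts)
    fixed["java.naming.provider.url"] = "ldaps://sk-int-ad1.krenger.local:636/"
    fixed.pop("unauthenticatedIdentity", None)
    return fixed


def resolve_roles(opts, username, directory):
    """Mimic the module's role lookup: find uidAttributeID=username under rolesCtxDN,
    read roleAttributeID, and with roleAttributeIsDN=true follow each group DN and
    take its roleNameAttributeID value as the role name."""
    ctx = opts["rolesCtxDN"].lower()
    users = [e for dn, e in directory.items()
             if dn.lower().endswith(ctx) and username in e.get(opts["uidAttributeID"], [])]
    roles = set()
    for entry in users:
        for value in entry.get(opts["roleAttributeID"], []):
            if opts.get("roleAttributeIsDN", "false").lower() == "true":
                roles.update(directory.get(value, {}).get(opts["roleNameAttributeID"], []))
            else:
                roles.add(value)
    return sorted(roles)


if __name__ == "__main__":
    options = parse_module_options(LOGIN_CONFIG)
    for code, message in lint_options(options):
        print(f"{code}: {message}")
    print("roles for jdoe:", resolve_roles(options, "jdoe", DIRECTORY))
```

Run against the post's block, the linter reports only the plain ldap:// transport and the unauthenticatedIdentity principal; DIGEST-MD5 already keeps the password off the wire, and allowEmptyPasswords=false is what stops an empty password from turning into an anonymous bind. The role resolution shows why roleNameAttributeID matters: with roleAttributeIsDN=true the module does not use the memberOf DN itself as the role, it follows the DN and reads the group's name attribute.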

Hello world

My name is Simon Krenger, I am a Technical Account Manager (TAM) at Red Hat. I advise our customers in using Kubernetes, Containers, Linux and Open Source.
