how can I secure the JBoss Administration Console with digest authentication?
I tried it but then I got two windows for authentication, the first was from the normal admin-console.war and the second from JFaces. The first authentication works with digest, but the second not. I cannot open the Administration Console. It only works with basic authentication, the I have to insert the username and password two times.
Now I use basic authentication and only the login from the Administration Console.
Can somebody help me?
The admin console uses Seam security with form-based JAAS auth. This is configured via the standard Seam mechanisms (i.e. via WEB-INF/components.xml and WEB-INF/pages.xml). If you wanted to switch over to using HTTP digest auth, you'd have to reconfigure Seam security. The docs for Seam security authentication are here:
You'd also have to switch over the jmx-console domain to using digest auth as described here:
but I'm assuming you already did that part.
Knut / Ian,
Have you been able to resolve the "admin-console/Digest" authentication issue.
The basic authentication works for me but with basic authentication the password is in clear text.
I have been able to do digest authentication for jmx-console and web-console and its working.
Thanks and Regards,
I didn't spend a lot of time messing with it, but it did seem a bit convoluted to get it working in conjunction with Seam security. You'll most likely need to make some changes to the EmbJopr source code and rebuild the admin-console.war in order to get it working. If you do attempt it and hit a wall, I'd suggest posting to the Seam user forum.