2 Replies Latest reply on Mar 14, 2012 11:53 AM by karink

    AS 7.1.1_final: available authentication types to secure the management interfaces

    karink

      Hi

       

      At the moment I'm trying to find out the best way for us to secure the management interface(s).

       

      According to this documentation https://docs.jboss.org/author/display/AS71/Securing+the+Management+Interfaces

      the following authentication types are currently available

       

      Authentication Mechanism | HTTP Interface | Native Interface
      LDAP                     | HTTP BASIC     | Not Supported¹
      Users                    | HTTP DIGEST    | SASL DIGEST
      Properties               | HTTP DIGEST    | SASL DIGEST

       

      Looking at the jboss-as-config_1_1.xsd and at the source code there seems to be another authentication type available -> jaas (class org.jboss.as.domain.management.security.JaasCallbackHandler)

      Is this authentication type really available for the http interface and the native interface? (I just don't want to spend time trying it out when it is not really supported for the moment, and as it is not stated in the documentation mentioned above, I assume it is not supported at the moment.)

       

      Is there any way to exchange the authentication method for the http/native interface? E.g. for the http interface I would like to enable a custom built authenticator which just verifies a digitally signed header and sets the principal using this one. Studying the source (org.jboss.as.domain.http.server.ManagementHttpServer) I think it is not easily possible to modify that.

       

      Same question for the native interface: can we use, for example, certificate-based authentication there, or is at the moment really only the SASL DIGEST authentication method available (as stated in the documentation)?

       

       

       

      Thanks for your help

      Regards

      Karin

        • 1. Re: AS 7.1.1_final: available authentication types to secure the management interfaces
          dlofthouse

          That list is due an update as we do support LDAP with the Native interface and that currently works with the PLAIN mechanism - also a JAAS domain can be used for username / password authentication and that also uses PLAIN.  Client certificate verification can be enabled for both interfaces but we do not support additional mechanisms at the moment.

          1 of 1 people found this helpful
          • 2. Re: AS 7.1.1_final: available authentication types to secure the management interfaces
            karink

            Hi Darran

             

            thanks for your help

             

            So this means at the moment there is no way to configure other combinations of authentication method and user store than those you have mentioned above.

            Right?

             

            I think it would be cool to choose the authentication method (like SAML, Kerberos, ...) for the web management console/native DMR interface and to enable JAAS for checking the user received from the authentication method.

             

            Are there any plans to provide this feature?