2 Replies Latest reply: Mar 14, 2012 11:53 AM by karin k

AS 7.1.1_final: available authentication types to secure the management interfaces

karin k Newbie

Hi,

At the moment I'm trying to find out the best way for us to secure the management interface(s).

According to this documentation https://docs.jboss.org/author/display/AS71/Securing+the+Management+Interfaces the following authentication types are currently available:

| Authentication Mechanism | HTTP Interface | Native Interface |
|--------------------------|----------------|------------------|
| LDAP                     | HTTP BASIC     | Not Supported¹   |
| Users                    | HTTP DIGEST    | SASL DIGEST      |
| Properties               | HTTP DIGEST    | SASL DIGEST      |

 

Looking at the jboss-as-config_1_1.xsd and at the source code, there seems to be another authentication type available -> jaas (class org.jboss.as.domain.management.security.JaasCallbackHandler).

Is this authentication type really available for the HTTP interface and the native interface? (I just don't want to spend time trying it out when it is not really supported for the moment, and as it is not stated in the documentation mentioned above, I assume this is not supported at the moment.)

Is there any way to exchange the authentication method for the HTTP/native interface? E.g. for the HTTP interface I would like to enable a custom-built authenticator which just verifies a digitally signed header and sets the principal using this one. Studying the source (org.jboss.as.domain.http.server.ManagementHttpServer), I think it is not easily possible to modify that.

Same question for the native interface: can we use, for example, certificate-based authentication there, or is really only the SASL DIGEST authentication method available at the moment (as stated in the documentation)?

Thanks for your help

Regards

Karin