Wildfly 8.2 login-module code="AdvancedLdap"
benfarnold May 22, 2015 10:40 AM
Hi everyone,
I am trying to adapt the picketlink-federation-saml-idp-basic quickstart to use password-stacking with LDAP and a database (for roles).
Since I am not using LDAP for roles, I omitted the rolesCtxDN and roleFilter module-options from the LdapExtLoginModule. This of course leads to an NPE in rolesSearch():
while (referralsExist) {
    NamingEnumeration results = ldapCtx.search(rolesCtxDN, roleFilter, filterArgs, constraints); // <= NPE, when no role filter is specified.
Therefore I switched to the AdvancedLdapLoginModule, which has a role filter check in rolesSearch().
I am configuring this as:
<subsystem xmlns="urn:jboss:domain:security:1.2">
    <security-domains>
        <security-domain name="idp" cache-type="default">
            <authentication>
                <login-module code="AdvancedLdap" flag="required">
                    ...
However, when I try to authenticate I get:
2015-05-21 15:59:57,781 DEBUG [org.jboss.security] (default task-3) PBOX000206: Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.negotiation.AdvancedLdapLoginModule from
[Module "deployment.picketlink-federation-saml-idp-basic-wildfly.war:main" from Service Module Loader
This I can't explain since standalone.xml declares the extension that maps the security module (negotiation) containing the jar.
<extensions>
    ...
    <extension module="org.jboss.as.security"/>
    ...
C:\wildfly-8.2.0.Final\modules\system\layers\base\org\jboss\as\security\main\module.xml
<module xmlns="urn:jboss:module:1.3" name="org.jboss.as.security">
    ...
    <dependencies>
        ...
        <module name="org.jboss.security.negotiation"/>
and C:\wildfly-8.2.0.Final\modules\system\layers\base\org\jboss\security\negotiation\main\module.xml
<module xmlns="urn:jboss:module:1.3" name="org.jboss.security.negotiation">
    <resources>
        <resource-root path="jboss-negotiation-extras-2.2.7.Final.jar"/>
and the class is present in the jboss-negotiation-extras-2.2.7.Final.jar.
Any idea what I am doing wrong?