Support for authentication-jaspi
mschoepke opened this issue · 4 comments
mschoepke commented
Hi,
I'd need to have support for authentication-jaspi like so:
<security-domain name="abc" cache-type="default">
<authentication-jaspi>
<login-module-stack name="lm-stack">
<login-module code="Dummy" flag="required"/>
</login-module-stack>
<auth-module code="com.foo.bar.SomeModule" flag="required" login-module-stack-ref="lm-stack">
<module-option name="foo" value="bar"/>
</auth-module>
</authentication-jaspi>
</security-domain>
Thanks a lot
--Markus
bserdar commented
Try this, see if it works:
{ "security" => {
"security-domain" => {
"abc" => {
"cache-type" => "default",
"authentication" => {
"jaspi" => {
"auth-module" => {...}
"login-module" => {...}
}
}
}
...
juame commented
Hi Burak
we try to run following jcliff template:
{ "security" =>
{
"security-domain" => {
"abcd" => {
"cache-type" => "default",
"authentication" => {"jaspi" => {
"auth-modules" => [{
"code" => "com.example.abcd",
"flag" => "required",
"login-module-stack-ref" => "abcd-stack",
"module-options" => {
"configuration_endpoint_url" => "https://example.com:443/abcd-service/",
"client_id" => "2361933560598880824923619335605988808249",
"client_secret" => "46325493924300150246",
}
}],
"login-module-stack" => {"abcd-stack" => {
"login-modules" => [{
"code" => "Dummy",
"flag" => "required"
}]
}}
}}
}
}
}
}
It should "create" the security-domain in the jcliff config (xml style):
<security-domain name="abcd" cache-type="default">
<authentication-jaspi>
<login-module-stack name="abcd-stack">
<login-module code="Dummy" flag="required"/>
</login-module-stack>
<auth-module code="com.example.abcd" flag="required" login-module-stack-ref="abcd-stack">
<module-option name="configuration_endpoint_url" value="https://example.com:443/abcd-service/"/>
<module-option name="client_id" value="2361933560598880824923619335605988808249"/>
<module-option name="client_secret" value="46325493924300150246"/>
</auth-module>
</authentication-jaspi>
</security-domain>
Problem: The login-module-stack is missing...
CLI-Output (/subsystem=security/security-domain=abcd:read-resource(recursive=true)
): "login-module-stack" => undefined
Thanks!
bserdar commented
This should be fixed in 2.10.1, please let me know.