
Tuesday, November 11, 2014

Hawtio authentication with LDAP on JBoss Fuse

Finally, here is the second part on Hawtio authentication with LDAP, this time on JBoss Fuse / A-MQ 6.1.

  • Create a file named ldap-auth.xml and copy it into the deploy folder (you need to adjust the LDAP settings according to your structure):
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
  <ext:property-placeholder placeholder-prefix="${" placeholder-suffix="}"/>
  <!-- Replace LDAP-IP with the address of your LDAP server. -->
  <jaas:config name="karaf" rank="2">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      connection.url=ldap://LDAP-IP:389
      connection.username=cn=Manager,dc=redhat,dc=com
      connection.password=redhat
      user.base.dn=ou=User,ou=ActiveMQ,dc=activemq,dc=redhat,dc=com
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=ou=User,ou=ActiveMQ,dc=activemq,dc=redhat,dc=com
      role.filter=(uid=%u)
      role.name.attribute=uid
      role.search.subtree=true
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>
(see also https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_A-MQ/6.1/html-single/Security_Guide/index.html#JAASAuth-LDAPLoginModule)

  • In etc/system.properties add:
hawtio.authenticationEnabled=true
hawtio.realm=karaf
hawtio.role=admin
hawtio.rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal

(see https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.1/html-single/Security_Guide/#WebConsole)
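
The two files only work together if hawtio.realm names the realm declared in <jaas:config name="...">. The Python script below is an added example, not code from the original post or from the Fuse or Hawtio projects. It cross-checks the two files and flags a simple bind over plain ldap://. The function names and the host ldap.example.com are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
JAAS = "{http://karaf.apache.org/xmlns/jaas/v1.0.0}"
REQUIRED = ("connection.url", "user.base.dn", "user.filter",
            "role.base.dn", "role.filter", "role.name.attribute")

def parse_props(text):
    """Parse key=value lines (jaas:module body or system.properties)."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.strip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check(blueprint_xml, system_properties):
    """Cross-check ldap-auth.xml against etc/system.properties."""
    sysp, findings, realms = parse_props(system_properties), [], {}
    for cfg in ET.fromstring(blueprint_xml).iter(JAAS + "config"):
        realms[cfg.get("name")] = parse_props(cfg.findtext(JAAS + "module") or "")
    if sysp.get("hawtio.authenticationEnabled") != "true":
        findings.append("hawtio.authenticationEnabled is not true")
    realm = sysp.get("hawtio.realm")
    if realm not in realms:
        return findings + [f"hawtio.realm={realm} matches no jaas:config name"]
    ldap = realms[realm]
    findings += [f"missing {k}" for k in REQUIRED if k not in ldap]
    if "%u" not in ldap.get("user.filter", "%u"):
        findings.append("user.filter has no %u placeholder")
    url = ldap.get("connection.url", "")
    if url.startswith("ldap://") and ldap.get("authentication") == "simple":
        findings.append("simple bind over ldap:// sends the password unencrypted")
    if "RolePrincipal" not in sysp.get("hawtio.rolePrincipalClasses", ""):
        findings.append("hawtio.rolePrincipalClasses lists no RolePrincipal class")
    return findings

# Constructed sample input modelled on the two files in this post (placeholder host).
SAMPLE_XML = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">
  <jaas:config name="karaf" rank="2"><jaas:module flags="required"
      className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule">
    connection.url=ldap://ldap.example.com:389
    user.base.dn=ou=User,ou=ActiveMQ,dc=activemq,dc=redhat,dc=com
    user.filter=(uid=%u)
    role.base.dn=ou=User,ou=ActiveMQ,dc=activemq,dc=redhat,dc=com
    role.filter=(uid=%u)
    role.name.attribute=uid
    authentication=simple
  </jaas:module></jaas:config>
</blueprint>"""
SAMPLE_PROPS = ("hawtio.authenticationEnabled=true\nhawtio.realm=karaf\nhawtio.role=admin\n"
    "hawtio.rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal")
print("\n".join(check(SAMPLE_XML, SAMPLE_PROPS)))
```

To check a real installation, pass the contents of deploy/ldap-auth.xml and etc/system.properties to check() in place of the sample strings.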