Content Platform Engine, Version 5.2.1 | Application server: JBoss Application Server

Configure multiple realms (JBoss 5.x)

JBoss supports multiple authentication realms by allowing multiple authentication login-module sections in its configuration file login-config.xml. This procedure describes how to set up the configuration file for JBoss 5.x.

About this task

The easiest way to configure multiple realms is to use Configuration Manager to create the initial authentication section in the JBoss file login-config.xml in the server's \conf directory (for example: ..\server\myserver\conf\login-config.xml). After initial configuration, you must directly edit the XML file to add additional authentication login-module sections that point to additional naming contexts on your directory server.

Procedure

To configure additional realms:

  1. Open login-config.xml in an editor. Find the <application-policy name = "FileNet"> section. It will look similar to the following sample:
    <application-policy name = "FileNet">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
          <module-option name="java.naming.provider.url">ldap://yourserver:389</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          ...
        </login-module>
      </authentication>
    </application-policy>
  2. Make a copy of the <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient"> ... </login-module> section and paste it right after the first. Change the required FileNet® P8 values (for example, java.naming.provider.url) in the new section so that it points to the new realm. See the Directory service providers section for information about each application server's attributes and values.
  3. Find the <application-policy name = "CLIENT_LOGIN_MODULE"> section. Make a copy of the <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient"> ... </login-module> section and paste it right after the first. Change the required FileNet P8 values (for example, java.naming.provider.url) in the new section so that it points to the new realm.
  4. Find the <application-policy name = "BYPASSED-SECURITY"> section. Make a copy of the <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient"> ... </login-module> section and paste it right after the first. Change the required FileNet P8 values (for example, java.naming.provider.url) in the new section so that it points to the new realm.
  5. Restart the application server.
  6. Log in to Administration Console for Content Platform Engine as GCD administrator (gcd_admin). Run the Create Directory Configuration wizard. Enter the same directory service configuration property values that you just added to the authentication provider.
  7. Repeat steps 1 and 2 for each additional directory server naming context that you want to configure as FileNet P8 realms.
  8. Test the new configuration by logging in to a client application with an account residing in the newly configured realm.
  9. Grant the new users and groups access to objects by logging on to Administration Console for Content Platform Engine as object store administrator and adding the new accounts to document classes.
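
After steps 2 through 4, the three application-policy sections should list the same realms. The following check is an added example, not IBM code: it assumes the file's root element is <policy>, and the function names and realm host names are constructed for illustration. It reports a realm missing from one section, a pasted copy whose URL was never changed, a flag other than "sufficient", and a simple bind to a plain ldap:// URL.

```python
import xml.etree.ElementTree as ET

LDAP_MODULE = "org.jboss.security.auth.spi.LdapExtLoginModule"
POLICIES = ("FileNet", "CLIENT_LOGIN_MODULE", "BYPASSED-SECURITY")
URL_OPT, AUTH_OPT = "java.naming.provider.url", "java.naming.security.authentication"

def check_login_config(xml_text):
    """Return findings for the three policies; an empty list means they agree."""
    root = ET.fromstring(xml_text)
    findings, urls_by_policy = [], {}
    for policy in POLICIES:
        node = root.find(f"./application-policy[@name='{policy}']")
        if node is None:
            findings.append(f"{policy}: section missing")
            continue
        urls = urls_by_policy.setdefault(policy, [])
        mods = [m for m in node.iter("login-module") if m.get("code") == LDAP_MODULE]
        for mod in mods:
            # Option values may be wrapped across lines in the file, so strip them.
            opts = {o.get("name"): (o.text or "").strip() for o in mod.iter("module-option")}
            url = opts.get(URL_OPT, "")
            if url in urls:
                findings.append(f"{policy}: duplicate login-module for {url}")
            urls.append(url)
            if mod.get("flag") != "sufficient":
                findings.append(f"{policy}: {url} has flag={mod.get('flag')!r}")
            if url.startswith("ldap://") and opts.get(AUTH_OPT) == "simple":
                findings.append(f"{policy}: {url} uses simple bind over plain ldap://")
    every_realm = set().union(*urls_by_policy.values())
    for policy, urls in urls_by_policy.items():
        for url in sorted(every_realm - set(urls)):
            findings.append(f"{policy}: no login-module for realm {url}")
    return findings

def module_xml(url):  # builds one constructed login-module entry for the sample
    return (f'<login-module code="{LDAP_MODULE}" flag="sufficient">'
            f'<module-option name="{URL_OPT}">\n  {url}</module-option>'
            f'<module-option name="{AUTH_OPT}">simple\n  </module-option></login-module>')

R1, R2 = "ldap://realm1.example.com:389", "ldap://realm2.example.com:389"
# Constructed input: step 4 was skipped, so BYPASSED-SECURITY lacks the second realm.
SAMPLE = "<policy>" + "".join(
    f'<application-policy name="{name}"><authentication>'
    + "".join(module_xml(u) for u in realms) + "</authentication></application-policy>"
    for name, realms in zip(POLICIES, ([R1, R2], [R1, R2], [R1]))) + "</policy>"

if __name__ == "__main__":
    for finding in check_login_config(SAMPLE):
        print(finding)
```

Run it against a copy of login-config.xml before restarting the application server in step 5.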


Last updated: March 2016

© Copyright IBM Corporation 2017.