JBoss supports multiple authentication realms by allowing
multiple authentication login-module sections in its configuration
file login-config.xml. This procedure describes
how to set up the configuration file for JBoss 5.x.
About this task
The easiest way to configure multiple realms is to use
Configuration Manager to create the initial authentication section
in the JBoss file login-config.xml in the server's \conf directory
(for example: ..\server\myserver\conf\login-config.xml).
After initial configuration, you must edit the XML file directly to
add more authentication login-module sections that point to
additional naming contexts on your directory server.
Procedure
To configure additional realms:
- Open login-config.xml in an editor.
Find the <application-policy name = "FileNet"> section. It will look similar to the following sample:
    <application-policy name = "FileNet">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                      flag="sufficient">
          <module-option name="java.naming.provider.url">ldap://yourserver:389</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          ...
        </login-module>
      </authentication>
    </application-policy>
- Make a copy of the <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="sufficient"> ... </login-module>
section and paste it right after the first. Change the required FileNet® P8 values (for example, java.naming.provider.url)
in the new section so that it points to the new realm. See the Directory service providers section for
information about each application server's attributes and values.
- Find the <application-policy name = "CLIENT_LOGIN_MODULE"> section.
Make a copy of the <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="sufficient"> ... </login-module>
section and paste it right after the first. Change the required FileNet
P8 values (for example, java.naming.provider.url) in the new section
so that it points to the new realm.
- Find the <application-policy name = "BYPASSED-SECURITY"> section.
Make a copy of the <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="sufficient"> ... </login-module>
section and paste it right after the first. Change the required FileNet
P8 values (for example, java.naming.provider.url) in the new section
so that it points to the new realm.
- Restart the application server.
- Log in to Administration Console for Content Platform Engine as
GCD administrator (gcd_admin). Run the Create Directory
Configuration wizard. Enter the same directory service configuration
property values that you just added to the authentication provider.
- Repeat steps 1 and 2 for each additional directory server
naming context that you want to configure as FileNet P8 realms.
- Test the new configuration by logging in to a client application
with an account residing in the newly configured realm.
- Grant the new users and groups access to objects by logging
on to Administration Console for Content Platform Engine as object
store administrator and adding the new accounts to document classes.
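
The procedure copies the same login-module section into three application-policy sections by hand, so a realm can easily be added to one policy and missed in another. The following check is an added example, not part of the original documentation or of the product: it parses a login-config.xml, compares the realm URLs of CLIENT_LOGIN_MODULE and BYPASSED-SECURITY against FileNet, and flags `simple` binds over plain `ldap://`, where the bind password crosses the network without transport encryption. The host names, the `ldaps://` URL, and the helper names are assumptions made for the constructed sample.

```python
import xml.etree.ElementTree as ET

LDAP_MODULE = "org.jboss.security.auth.spi.LdapExtLoginModule"
POLICIES = ("FileNet", "CLIENT_LOGIN_MODULE", "BYPASSED-SECURITY")
URL_OPT = "java.naming.provider.url"
AUTH_OPT = "java.naming.security.authentication"

def realms(xml_text):
    """Return {policy name: [(provider URL, auth mode), ...]} in file order."""
    found = {}
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        mods = []
        for lm in policy.iter("login-module"):
            if lm.get("code") != LDAP_MODULE:
                continue
            opts = {o.get("name"): (o.text or "").strip()
                    for o in lm.iter("module-option")}
            mods.append((opts.get(URL_OPT, ""), opts.get(AUTH_OPT, "")))
        found[policy.get("name")] = mods
    return found

def audit(xml_text):
    """List policies whose realms drift from FileNet, and plain-LDAP simple binds."""
    found, findings = realms(xml_text), []
    reference = [url for url, _ in found.get("FileNet", [])]
    for name in POLICIES:
        mods = found.get(name, [])
        if [url for url, _ in mods] != reference:
            findings.append(f"{name}: realm list differs from FileNet")
        for url, auth in mods:
            if url.lower().startswith("ldap://") and auth == "simple":
                findings.append(f"{name}: simple bind over plain ldap:// to {url}")
    return findings

def module_xml(url):  # one login-module section shaped like the page's sample
    return (f'<login-module code="{LDAP_MODULE}" flag="sufficient">'
            f'<module-option name="{URL_OPT}">{url}</module-option>'
            f'<module-option name="{AUTH_OPT}">simple\n</module-option>'
            '</login-module>')

def policy_xml(name, urls):
    body = "".join(module_xml(u) for u in urls)
    return (f'<application-policy name = "{name}"><authentication>{body}'
            '</authentication></application-policy>')

# Constructed sample (hypothetical hosts): the second realm was added to two
# policies, but the BYPASSED-SECURITY step was missed.
R1, R2 = "ldap://realm1.example:389", "ldaps://realm2.example:636"
SAMPLE = ("<policy>" + policy_xml("FileNet", [R1, R2])
          + policy_xml("CLIENT_LOGIN_MODULE", [R1, R2])
          + policy_xml("BYPASSED-SECURITY", [R1]) + "</policy>")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real server, pass the contents of its login-config.xml to `audit()` before restarting the application server.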