Search
SupportConsoleDevelopersStart a trialContact

2.4. Role Mapping

download PDF
Once the user has been authenticated against the KDC (this occurs through org.jboss.security.negotiation.spnego.SPNEGOLoginModule), the application server needs to obtain the user roles. The authentication can use either the org.jboss.security.auth.spi.UsersRolesLoginModule to obtain user roles from a roles.properties file or the org.jboss.security.negotiation.AdvancedLdapLoginModule to obtain user roles from an LDAP server.

2.4.1. Setting up Role Mapping with a Roles Properties File

To allow SPNEGO to obtain the roles of an authenticated user from a roles.properties file, do the following:
  1. In the application security domain, set the second login module of the SPNEGO authentication to org.jboss.security.auth.spi.UsersRolesLoginModule (refer to Example 2.2, “Application Security Domain”) and provide the module options. Refer to UsersRolesLoginModule in the Security Guide).
  2. If the application security domain is defined in the $JBOSS_HOME/server/$PROFILE/conf/login-config.xml file, define the user roles in the $JBOSS_HOME/server/$PROFILE/conf/props/spnego-users.properties file. Use the following pattern: fullyQualifiedUserName=comma-separatedListOfRoles

    Example 2.3. roles.properties file

    # A roles.properties file for use with the UsersRolesLoginModule
darranl@KERBEROS.JBOSS.ORG=Users,Admins
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.